[rewritten] PR #280

[coverage] Answering machines unit tests

[coverage] More tests for scapy/*.py files

Display IPsec field in hexadecimal

[coverage] Fix codecov results

Added link to 64bit Python version and added remark that pyreadline and Python should both be 64bits or 32bits.
(Also now link to Python 2.7.13 instead of 2.7.12)

To increase usability, display string field in hexadecimal.

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>

Smaller unit tests results

* Code cleaning, unit tests
* Fix manuf DB path
* Specify seed in volatile objects using RandomEnumeration
* pypy fixes

FlagValue: use consistant (always a string) output

There is a distinction to be made between the IV generated using
CryptAlgo.generate_iv and the IV given as argument to the cipher mode in
CryptAlgo.new_cipher.

The first one is random string which is sent with the ESP packet (first
bytes of the data field). The cipher mode only affects the size of the
string in our implementation (some modes like GCM may implement a
counter instead of pure random).

And the second is a combination of the salt, the ESP iv and possibly other
things. This can vary a lot depending on the mode.

Add an attribute to CryptAlgo to give a function computing this "second"
IV based on SA information.

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>

When running the command method on a packet, by default, the __repr__
method of the value is used to dump a field.
Although, the __repr__ method of the new FlagValue class is not a valid
python syntax:

In [2]: IP(flags=0).command()
Out[2]: 'IP(flags=<Flag 0 ()>)'

In [3]: IP(flags=<Flag 0 ()>)
  File "<ipython-input-3-1e8a4a1eb25a>", line 1
    IP(flags=<Flag 0 ()>)
             ^
SyntaxError: invalid syntax

Also, when print a FlagValue with value of 0, flagrepr returns an empty
string which can be confusing:

In [1]: IP(flags=0)
Out[1]: <IP  flags= |>

Use int value instead in both cases.

Fixes: fc6a4caa ("Introduce FlagValue(int) objects to represent FlagsField() values")
Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>

Currently, only internal encryption and decryption were tested but the
implementation might not be the on it is supposed to be.

Add reference packets generated using Ubuntu-16.04, iproute2 and ping:
 # ip -V
 ip utility, iproute2-ss151103
 # uname -a
 Linux router-vm 4.4.0-62-generic #83-Ubuntu SMP Wed Jan 18 14:10:15 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
 # ping -V
 ping utility, iputils-s20160308

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>

In TLS, the AES-CCM test is commented out because CCM is not supported
by cryptography. But the combined_modes_ccm keyword is made to skip
these tests.

In IPsec, some IPv4 tests are located in the IPv6 section. Also add the
same combination of test for the AES-CCM as the other modes.

Also, there is some errors in the key material as the *MUST*
implementation uses a 16 bytes key and a 3 bytes nonce. Fix those
lengths.

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>

Support Raw IPv6 as PCAP linktype

Issue #593

Issue #592

add internal doc & reform binding layers

Dot11: use ConditionalField() to replace .is_applicable() methods

Some fields in Dot11 protocols were using specific .is_applicable()
methods to implement similar features than ConditionalField() (which
probably didn't exist by the time Dot11 dissectors have been written).

This commit uses ConditionalField and removes specific field classes
to use generic (MACField and LEShortField) fields. This should make
the code easier to understand.

This will also prevent some fields from being displayed when they
should not:

    >>> Dot11().show()
    ###[ 802.11 ]###
      subtype= 0
      type= Management
      proto= 0
      FCfield=
      ID= 0
      addr1= 00:00:00:00:00:00
      addr2= 00:00:00:00:00:00
      addr3= 00:00:00:00:00:00
      SC= 0

    >>> Dot11(type=2, FCfield=3).show()
    ###[ 802.11 ]###
      subtype= 0
      type= Data
      proto= 0
      FCfield= to-DS+from-DS
      ID= 0
      addr1= 00:00:00:00:00:00
      addr2= 00:00:00:00:00:00
      addr3= 00:00:00:00:00:00
      SC= 0
      addr4= 00:00:00:00:00:00

    >>> Dot11(type=1).show()
    ###[ 802.11 ]###
      subtype= 0
      type= Control
      proto= 0
      FCfield=
      ID= 0
      addr1= 00:00:00:00:00:00

[rewritten] PR #504

* More layer bindings for GRE
* Define IPPROTO_GRE for windows

[Bug] TLS: fix shell start with old cryptography

The default values of the "value_size" field is None. This can trigger
an issue
when computing the "len" field.

Test: str(EAP_MD5())

In order to fix this issue, the default value of the "value_size" field
has been set to 0.

Tests have been added in "regression.uts".

Added regression tests for EAP_TLS and EAP_FAST.

Use XStrLenField in EAP_MD5, EAP_TLS and EAP_FAST packets instead of StrLenField.

Delete blank lines before the class description (EAPOL, EAP, EAP_MD5, EAP_TLS and EAP_FAST packet classes).

"registered_options" dictionary was renamed "registered_methods"
(EAP-MD5, EAP-TLS etc are not options, but authentication methods).

EAP getlayer() and haslayer() methods have been overloaded in order to
allow access to a given "EAP layer" (such as EAP_TLS, for instance) by
providing the parent class name ("EAP"). For example, this is now
possible:

>>> eap_tls = EAP_TLS()
>>> EAP_TLS in eap_tls
True
>>> EAP in eap_tls
True
>>> eap_tls[EAP_TLS]
<EAP_TLS  |>
>>> eap_tls[EAP]
<EAP_TLS  |>

Regression tests have been added.

Seen on Redhat-7 with distribution version of python-cryptography
(1.3.1):
  File "/usr/lib/python2.7/site-packages/scapy/layers/tls/crypto/ffdh.py", line 207, in <module>
    params = pn.parameters(default_backend())
AttributeError: 'DHParameterNumbers' object has no attribute 'parameters'

This is due to an API change in cryptography 1.7 which is the required version
for scapy. Althought, we should still be able to launch the shell.

Check if cryptography is valid before filling FFDH_GROUPS.

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>