FlagValue: use consistant (always a string) output

There is a distinction to be made between the IV generated using
CryptAlgo.generate_iv and the IV given as argument to the cipher mode in
CryptAlgo.new_cipher.

The first one is random string which is sent with the ESP packet (first
bytes of the data field). The cipher mode only affects the size of the
string in our implementation (some modes like GCM may implement a
counter instead of pure random).

And the second is a combination of the salt, the ESP iv and possibly other
things. This can vary a lot depending on the mode.

Add an attribute to CryptAlgo to give a function computing this "second"
IV based on SA information.

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>

When running the command method on a packet, by default, the __repr__
method of the value is used to dump a field.
Although, the __repr__ method of the new FlagValue class is not a valid
python syntax:

In [2]: IP(flags=0).command()
Out[2]: 'IP(flags=<Flag 0 ()>)'

In [3]: IP(flags=<Flag 0 ()>)
  File "<ipython-input-3-1e8a4a1eb25a>", line 1
    IP(flags=<Flag 0 ()>)
             ^
SyntaxError: invalid syntax

Also, when print a FlagValue with value of 0, flagrepr returns an empty
string which can be confusing:

In [1]: IP(flags=0)
Out[1]: <IP  flags= |>

Use int value instead in both cases.

Fixes: fc6a4caa ("Introduce FlagValue(int) objects to represent FlagsField() values")
Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>

Currently, only internal encryption and decryption were tested but the
implementation might not be the on it is supposed to be.

Add reference packets generated using Ubuntu-16.04, iproute2 and ping:
 # ip -V
 ip utility, iproute2-ss151103
 # uname -a
 Linux router-vm 4.4.0-62-generic #83-Ubuntu SMP Wed Jan 18 14:10:15 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
 # ping -V
 ping utility, iputils-s20160308

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>

In TLS, the AES-CCM test is commented out because CCM is not supported
by cryptography. But the combined_modes_ccm keyword is made to skip
these tests.

In IPsec, some IPv4 tests are located in the IPv6 section. Also add the
same combination of test for the AES-CCM as the other modes.

Also, there is some errors in the key material as the *MUST*
implementation uses a 16 bytes key and a 3 bytes nonce. Fix those
lengths.

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>

Support Raw IPv6 as PCAP linktype

Issue #593

Issue #592

add internal doc & reform binding layers

Dot11: use ConditionalField() to replace .is_applicable() methods

Some fields in Dot11 protocols were using specific .is_applicable()
methods to implement similar features than ConditionalField() (which
probably didn't exist by the time Dot11 dissectors have been written).

This commit uses ConditionalField and removes specific field classes
to use generic (MACField and LEShortField) fields. This should make
the code easier to understand.

This will also prevent some fields from being displayed when they
should not:

    >>> Dot11().show()
    ###[ 802.11 ]###
      subtype= 0
      type= Management
      proto= 0
      FCfield=
      ID= 0
      addr1= 00:00:00:00:00:00
      addr2= 00:00:00:00:00:00
      addr3= 00:00:00:00:00:00
      SC= 0

    >>> Dot11(type=2, FCfield=3).show()
    ###[ 802.11 ]###
      subtype= 0
      type= Data
      proto= 0
      FCfield= to-DS+from-DS
      ID= 0
      addr1= 00:00:00:00:00:00
      addr2= 00:00:00:00:00:00
      addr3= 00:00:00:00:00:00
      SC= 0
      addr4= 00:00:00:00:00:00

    >>> Dot11(type=1).show()
    ###[ 802.11 ]###
      subtype= 0
      type= Control
      proto= 0
      FCfield=
      ID= 0
      addr1= 00:00:00:00:00:00

[rewritten] PR #504

* More layer bindings for GRE
* Define IPPROTO_GRE for windows

[Bug] TLS: fix shell start with old cryptography

The default values of the "value_size" field is None. This can trigger
an issue
when computing the "len" field.

Test: str(EAP_MD5())

In order to fix this issue, the default value of the "value_size" field
has been set to 0.

Tests have been added in "regression.uts".

Added regression tests for EAP_TLS and EAP_FAST.

Use XStrLenField in EAP_MD5, EAP_TLS and EAP_FAST packets instead of StrLenField.

Delete blank lines before the class description (EAPOL, EAP, EAP_MD5, EAP_TLS and EAP_FAST packet classes).

"registered_options" dictionary was renamed "registered_methods"
(EAP-MD5, EAP-TLS etc are not options, but authentication methods).

EAP getlayer() and haslayer() methods have been overloaded in order to
allow access to a given "EAP layer" (such as EAP_TLS, for instance) by
providing the parent class name ("EAP"). For example, this is now
possible:

>>> eap_tls = EAP_TLS()
>>> EAP_TLS in eap_tls
True
>>> EAP in eap_tls
True
>>> eap_tls[EAP_TLS]
<EAP_TLS  |>
>>> eap_tls[EAP]
<EAP_TLS  |>

Regression tests have been added.

Seen on Redhat-7 with distribution version of python-cryptography
(1.3.1):
  File "/usr/lib/python2.7/site-packages/scapy/layers/tls/crypto/ffdh.py", line 207, in <module>
    params = pn.parameters(default_backend())
AttributeError: 'DHParameterNumbers' object has no attribute 'parameters'

This is due to an API change in cryptography 1.7 which is the required version
for scapy. Althought, we should still be able to launch the shell.

Check if cryptography is valid before filling FFDH_GROUPS.

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>

The ICV size is defined by the authentication algorithm in the SA.
it can be deduced from the payloadlen field but the padding len is
unknown aswell so there is no way to find both without the SA.

Assume everything in payloadlen is the ICV until the verification called
from the SA. Fill padding when possible.

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>

[appveyor] Fix tests automaton

Only read version from git when in scapy

* Add message field in EAP-Indentity request

EAP-Identity request may contain message as stated in RFC3748.

* Fix fragmented EAP-TLS

Current implementation fails to dissect fragmented EAP-TLS.
Fragmented EAP-TLS messages are quite common, in this case only
first EAP-TLS will contain tls_message_len field (indicated by L bit),
which will be total length of reassembled tls message.

Length of tls payload in single EAP-TLS message should therefore
be determined by EAP.len field (see RFC5216-Fragmentation).

To implement this I find reasonable to make EAP-TLS subclass of EAP.

* Fix fragmented EAP-FAST

Implementation of EAP-FAST suffers from the same issue as EAP-TLS,
see previous commit message.

* Fix EAP-MD5 Dissection

Implementation of EAP-MD5 was not following RFC3748 (which is
referencing RFC1994) properly.

Field value_size is determining only size of value_field.
It might have length different than 16B in EAP-MD5 request,
because in that case it is not used to transmit MD5 hash,
but random challenge value.
Size of optional_name(extra data) is determined as "rest of" EAP message
(len field of EAP).

Scapy may be used as third party library by other projects, themselves
managed under git. This leads to surprising results such as this:

    $ git describe
    awesomeproject-v5.22-1-ga1316614c290
    $ virtualenv env
    ...
    $ . env/bin/activate
    (env)$ pip install scapy==2.3.3
    ...
    (env)$ cat env/lib/python2.7/site-packages/scapy/VERSION
    2.3.3
    (env)$ which scapy
    /home/.../env/bin/scapy
    (env)$ scapy
    ...
    Welcome to Scapy (awesomeproject-v5.22.dev1)
    >>>

Scapy's version is wrongly set to the current project's version.

When trying to determine scapy's version from git, make sure that the
code is executed from the root of a git repo. If not, read the version
from the scapy/VERSION file which has been generated when packaging
scapy source archive.

Fixes: 4f71027f ("enhance version management")
Signed-off-by: Robin Jarry <robin.jarry@6wind.com>

Prevent sr() tests crashes

[convergence] Python 3- string byte tag

[Windows] support Npcap