1*8375b784SAndrew Geissler#!/usr/bin/env python3 2*8375b784SAndrew Geissler# Set env variable "ADDRESS" with BMC IP 3*8375b784SAndrew Geissler 4*8375b784SAndrew Geisslerimport os 5*8375b784SAndrew Geisslerimport socket 6*8375b784SAndrew Geisslerimport time 7*8375b784SAndrew Geisslerfrom socket import AF_INET, SOCK_DGRAM 8*8375b784SAndrew Geissler 9*8375b784SAndrew Geisslersock = socket.socket(AF_INET, SOCK_DGRAM) 10*8375b784SAndrew Geissler 11*8375b784SAndrew GeisslerbmcAddr = os.environ.get("ADDRESS", "127.0.0.1") 12*8375b784SAndrew Geissleraddr = (bmcAddr, 427) 13*8375b784SAndrew Geissler 14*8375b784SAndrew Geisslerprint("Invalid Lang Tag Length, large payload") 15*8375b784SAndrew Geisslerpayload = ( 16*8375b784SAndrew Geissler b"\x02" # Version 17*8375b784SAndrew Geissler + b"\x09" # Function ID: SRVTYPERQST 18*8375b784SAndrew Geissler + b"\x00" * 2 # Ignored Length bytes? 19*8375b784SAndrew Geissler + b"\xff" # Length 20*8375b784SAndrew Geissler + b"\x00" * 2 # Flags 21*8375b784SAndrew Geissler + b"\x00" * 3 # Ext 22*8375b784SAndrew Geissler + b"\x00" * 2 # XID 23*8375b784SAndrew Geissler + b"\xff" * 2 # Language Tag Length 24*8375b784SAndrew Geissler + b"A" * 65000 # Language Tag 25*8375b784SAndrew Geissler) 26*8375b784SAndrew Geisslerret = sock.sendto(payload, addr) 27*8375b784SAndrew Geissler 28*8375b784SAndrew Geisslertime.sleep(3) 29*8375b784SAndrew Geissler 30*8375b784SAndrew Geisslerprint("Large Lang Tag Length, large payload") 31*8375b784SAndrew Geisslerpayload = ( 32*8375b784SAndrew Geissler b"\x02" # Version 33*8375b784SAndrew Geissler + b"\x09" # Function ID: SRVTYPERQST 34*8375b784SAndrew Geissler + b"\x00" * 2 # Ignored Length bytes? 35*8375b784SAndrew Geissler + b"\xff" # Length 36*8375b784SAndrew Geissler + b"\x00" * 2 # Flags 37*8375b784SAndrew Geissler + b"\x00" * 3 # Ext 38*8375b784SAndrew Geissler + b"\x00" * 2 # XID 39*8375b784SAndrew Geissler + b"\xfd\xe8" # Language Tag Length 40*8375b784SAndrew Geissler + b"A" * 65000 # Language Tag 41*8375b784SAndrew Geissler) 42*8375b784SAndrew Geisslerret = sock.sendto(payload, addr) 43*8375b784SAndrew Geissler 44*8375b784SAndrew Geisslertime.sleep(3) 45*8375b784SAndrew Geissler 46*8375b784SAndrew Geisslerprint("Invalid Lang Tag Length, small payload") 47*8375b784SAndrew Geisslerpayload = ( 48*8375b784SAndrew Geissler b"\x02" # Version 49*8375b784SAndrew Geissler + b"\x09" # Function ID: SRVTYPERQST 50*8375b784SAndrew Geissler + b"\x00" * 2 # Ignored Length bytes? 51*8375b784SAndrew Geissler + b"\xff" # Length 52*8375b784SAndrew Geissler + b"\x00" * 2 # Flags 53*8375b784SAndrew Geissler + b"\x00" * 3 # Ext 54*8375b784SAndrew Geissler + b"\x00" * 2 # XID 55*8375b784SAndrew Geissler + b"\xff" * 2 # Language Tag Length 56*8375b784SAndrew Geissler + b"A" * 200 # Language Tag 57*8375b784SAndrew Geissler) 58*8375b784SAndrew Geisslerret = sock.sendto(payload, addr) 59*8375b784SAndrew Geissler 60*8375b784SAndrew Geisslertime.sleep(3) 61*8375b784SAndrew Geissler 62*8375b784SAndrew Geisslerprint("Large Lang Tag Length, small payload") 63*8375b784SAndrew Geisslerpayload = ( 64*8375b784SAndrew Geissler b"\x02" # Version 65*8375b784SAndrew Geissler + b"\x09" # Function ID: SRVTYPERQST 66*8375b784SAndrew Geissler + b"\x00" * 2 # Ignored Length bytes? 67*8375b784SAndrew Geissler + b"\xff" # Length 68*8375b784SAndrew Geissler + b"\x00" * 2 # Flags 69*8375b784SAndrew Geissler + b"\x00" * 3 # Ext 70*8375b784SAndrew Geissler + b"\x00" * 2 # XID 71*8375b784SAndrew Geissler + b"\xfd\xe8" # Language Tag Length 72*8375b784SAndrew Geissler + b"A" * 200 # Language Tag 73*8375b784SAndrew Geissler) 74*8375b784SAndrew Geisslerret = sock.sendto(payload, addr) 75*8375b784SAndrew Geissler 76*8375b784SAndrew Geisslertime.sleep(3) 77*8375b784SAndrew Geissler 78*8375b784SAndrew Geisslerprint("Invalid Lang Tag Length (overflow)") 79*8375b784SAndrew Geisslerpayload = ( 80*8375b784SAndrew Geissler b"\x02" # Version 81*8375b784SAndrew Geissler + b"\x09" # Function ID: SRVTYPERQST 82*8375b784SAndrew Geissler + b"\x00" * 2 # Ignored Length bytes? 83*8375b784SAndrew Geissler + b"\xff" # Length 84*8375b784SAndrew Geissler + b"\x00" * 2 # Flags 85*8375b784SAndrew Geissler + b"\x00" * 3 # Ext 86*8375b784SAndrew Geissler + b"\x00" * 2 # XID 87*8375b784SAndrew Geissler + b"\x00\x20" # Language Tag Length 88*8375b784SAndrew Geissler + b"A" * 10 # Language Tag 89*8375b784SAndrew Geissler) 90*8375b784SAndrew Geisslerret = sock.sendto(payload, addr) 91*8375b784SAndrew Geissler 92*8375b784SAndrew Geisslertime.sleep(3) 93*8375b784SAndrew Geissler 94*8375b784SAndrew Geisslerprint("slptool findsrvtypes") 95*8375b784SAndrew Geisslerpayload = ( 96*8375b784SAndrew Geissler b"\x02" # Version 97*8375b784SAndrew Geissler + b"\x09" # Function ID: SRVTYPERQST 98*8375b784SAndrew Geissler + b"\x00" * 2 # Ignored Length bytes? 99*8375b784SAndrew Geissler + b"\x1d" # Length 100*8375b784SAndrew Geissler + b"\x00" * 2 # Flags 101*8375b784SAndrew Geissler + b"\x00" * 3 # Ext 102*8375b784SAndrew Geissler + b"\x74\xe2" # XID 103*8375b784SAndrew Geissler + b"\x00\x02" # Language Tag Length 104*8375b784SAndrew Geissler + b"\x65\x6e" # Language Tag (en) 105*8375b784SAndrew Geissler + b"\x00\x00\xff\xff\x00\x07\x44\x45\x46\x41\x55\x4c\x54" 106*8375b784SAndrew Geissler) 107*8375b784SAndrew Geisslerret = sock.sendto(payload, addr) 108*8375b784SAndrew Geissler 109*8375b784SAndrew Geisslertime.sleep(5) 110*8375b784SAndrew Geissler 111*8375b784SAndrew Geisslerprint("slptool findsrvs service:obmc_console") 112*8375b784SAndrew Geisslerpayload = ( 113*8375b784SAndrew Geissler b"\x02" # Version 114*8375b784SAndrew Geissler + b"\x01" # Function ID: SRVTYPERQST 115*8375b784SAndrew Geissler + b"\x00" * 2 # Ignored Length bytes? 116*8375b784SAndrew Geissler + b"\x35" # Length 117*8375b784SAndrew Geissler + b"\x00" * 2 # Flags 118*8375b784SAndrew Geissler + b"\x00" * 3 # Ext 119*8375b784SAndrew Geissler + b"\xe5\xc2" # XID 120*8375b784SAndrew Geissler + b"\x00\x02" # Language Tag Length 121*8375b784SAndrew Geissler + b"\x65\x6e" # Language Tag (en) 122*8375b784SAndrew Geissler + b"\x00\x00" # PR List Length 123*8375b784SAndrew Geissler + b"\x00\x14service:obmc_console" # Service 124*8375b784SAndrew Geissler + b"\x00\x07\x44\x45\x46\x41\x55\x4c\x54" # Scope 125*8375b784SAndrew Geissler + b"\x00\x00\x00\x00" # Predicate and SLP SPI Length 126*8375b784SAndrew Geissler) 127*8375b784SAndrew Geisslerret = sock.sendto(payload, addr) 128