added creation of ARP packets and marshaling to bytes

Author: shadowy-pycoder

arpspoof/arpspoof.go

@@ -0,0 +1,2 @@
+// Package arpspoof
+package arpspoof

layers/arp.go

@@ -9,18 +9,33 @@ import (
 
 const headerSizeARP = 28
 
+type Operation uint16
+
+const (
+	OperationRequest Operation = 1
+	OperationReply   Operation = 2
+)
+
+type ARPOperation struct {
+	Val  Operation
+	Desc string
+}
+
+func (ao *ARPOperation) String() string {
+	return fmt.Sprintf("%s (%d)", ao.Desc, ao.Val)
+}
+
 // The Address Resolution Protocol (ARP) is a communication protocol
 // used for discovering the link layer address, such as a MAC address,
 // associated with a given internet layer address, typically an IPv4 address.
 // Defined in RFC 826.
 type ARPPacket struct {
-	HardwareType     uint16 // Network link protocol type.
-	ProtocolType     uint16 // Internetwork protocol for which the ARP request is intended.
-	ProtocolTypeDesc string // Internetwork protocol description.
-	Hlen             uint8  // Length (in octets) of a hardware address.
-	Plen             uint8  // Length (in octets) of internetwork addresses.
-	Op               uint16 // Specifies the operation that the sender is performing.
-	OpDesc           string // Operation description.
+	HardwareType     uint16        // Network link protocol type.
+	ProtocolType     uint16        // Internetwork protocol for which the ARP request is intended.
+	ProtocolTypeDesc string        // Internetwork protocol description.
+	Hlen             uint8         // Length (in octets) of a hardware address.
+	Plen             uint8         // Length (in octets) of internetwork addresses.
+	Op               *ARPOperation // Specifies the operation that the sender is performing.
 	// Media address of the sender. In an ARP request this field is used to indicate
 	// the address of the host sending the request. In an ARP reply this field is used
 	// to indicate the address of the host that the request was looking for.
@@ -32,13 +47,40 @@ type ARPPacket struct {
 	TargetIP  netip.Addr // Internetwork address of the intended receiver.
 }
 
+func New(
+	op Operation,
+	senderMAC net.HardwareAddr,
+	senderIP netip.Addr,
+	targetMAC net.HardwareAddr,
+	targetIP netip.Addr,
+) (*ARPPacket, error) {
+	if len(senderMAC) < 6 || len(targetMAC) < 6 || len(senderMAC) != len(targetMAC) {
+		return nil, fmt.Errorf("malformed hardware address")
+	}
+	if !senderIP.IsValid() || !senderIP.Is4() || !targetIP.IsValid() || !targetIP.Is4() {
+		return nil, fmt.Errorf("malformed protocol address")
+	}
+	return &ARPPacket{
+		HardwareType:     1,
+		ProtocolType:     0x0800,
+		ProtocolTypeDesc: "IPv4",
+		Hlen:             uint8(len(senderMAC)),
+		Plen:             4,
+		Op:               &ARPOperation{Val: op, Desc: opdesc(op)},
+		SenderMAC:        senderMAC,
+		SenderIP:         senderIP,
+		TargetMAC:        targetMAC,
+		TargetIP:         targetIP,
+	}, nil
+}
+
 func (ap *ARPPacket) String() string {
 	return fmt.Sprintf(`%s
 - Hardware Type: %d
 - Protocol Type: %s (%#04x)
 - HLen: %d
-- PLen: %d 
-- Operation: %s (%d)
+- PLen: %d
+- Operation: %s
 - Sender MAC Address: %s
 - Sender IP Address: %s
 - Target MAC Address: %s
@@ -50,7 +92,6 @@ func (ap *ARPPacket) String() string {
 		ap.ProtocolType,
 		ap.Hlen,
 		ap.Plen,
-		ap.OpDesc,
 		ap.Op,
 		ap.SenderMAC,
 		ap.SenderIP,
@@ -61,29 +102,57 @@ func (ap *ARPPacket) String() string {
 
 func (ap *ARPPacket) Summary() string {
 	var message string
-	switch ap.OpDesc {
-	case "request":
-		message = fmt.Sprintf("ARP Packet: (%s) Who has %s? Tell %s", ap.OpDesc, ap.TargetIP, ap.SenderIP)
-	case "reply":
-		message = fmt.Sprintf("ARP Packet: (%s) %s at %s", ap.OpDesc, ap.SenderIP, ap.SenderMAC)
+	switch ap.Op.Val {
+	case OperationRequest:
+		message = fmt.Sprintf("ARP Packet: (%s) Who has %s? Tell %s", ap.Op.Desc, ap.TargetIP, ap.SenderIP)
+	case OperationReply:
+		message = fmt.Sprintf("ARP Packet: (%s) %s at %s", ap.Op.Desc, ap.SenderIP, ap.SenderMAC)
 	default:
-		message = fmt.Sprintf("ARP Packet: (%s)", ap.OpDesc)
+		message = fmt.Sprintf("ARP Packet: (%s)", ap.Op.Desc)
 	}
 	return message
 }
 
-// Parse parses the given ARP packet data into the ARPPacket struct.
-func (ap *ARPPacket) Parse(data []byte) error {
+// MarshalBinary implements encoding.BinaryMarshaler interface
+func (ap *ARPPacket) MarshalBinary() ([]byte, error) {
+	buf := make([]byte, 2+2+1+1+2+(ap.Plen*2)+(ap.Hlen*2))
+	binary.BigEndian.PutUint16(buf[0:2], ap.HardwareType)
+	binary.BigEndian.PutUint16(buf[2:4], ap.ProtocolType)
+	buf[4] = ap.Hlen
+	buf[5] = ap.Plen
+	binary.BigEndian.PutUint16(buf[6:8], uint16(ap.Op.Val))
+	hoffset := 8 + ap.Hlen
+	poffset := hoffset + ap.Plen
+	copy(buf[8:hoffset], ap.SenderMAC)
+	copy(buf[hoffset:poffset], ap.SenderIP.AsSlice())
+	copy(buf[poffset:poffset+ap.Hlen], ap.TargetMAC)
+	copy(buf[poffset+ap.Hlen:poffset+ap.Hlen+ap.Plen], ap.TargetIP.AsSlice())
+	return buf, nil
+}
+
+func (ap *ARPPacket) ToBytes() ([]byte, error) {
+	return ap.MarshalBinary()
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler interface
+func (ap *ARPPacket) UnmarshalBinary(data []byte) error {
 	if len(data) < headerSizeARP {
 		return fmt.Errorf("minimum header size for ARP is %d bytes, got %d bytes", headerSizeARP, len(data))
 	}
 	ap.HardwareType = binary.BigEndian.Uint16(data[0:2])
 	ap.ProtocolType = binary.BigEndian.Uint16(data[2:4])
 	ap.ProtocolTypeDesc = ptypedesc(ap.ProtocolType)
+	if ap.ProtocolTypeDesc == "Unknown" {
+		return fmt.Errorf("unknown protocol type")
+	}
 	ap.Hlen = data[4]
 	ap.Plen = data[5]
-	ap.Op = binary.BigEndian.Uint16(data[6:8])
-	ap.OpDesc = opdesc(ap.Op)
+	op := Operation(binary.BigEndian.Uint16(data[6:8]))
+	opdesc := opdesc(op)
+	if opdesc == "Unknown" {
+		return fmt.Errorf("unknown operation")
+	}
+	ap.Op = &ARPOperation{Val: op, Desc: opdesc}
 	hoffset := 8 + ap.Hlen
 	ap.SenderMAC = net.HardwareAddr(data[8:hoffset])
 	poffset := hoffset + ap.Plen
@@ -100,6 +169,11 @@ func (ap *ARPPacket) Parse(data []byte) error {
 	return nil
 }
 
+// Parse parses the given ARP packet data into the ARPPacket struct.
+func (ap *ARPPacket) Parse(data []byte) error {
+	return ap.UnmarshalBinary(data)
+}
+
 func (ap *ARPPacket) NextLayer() (layer string, payload []byte) { return }
 
 func ptypedesc(pt uint16) string {
@@ -115,12 +189,12 @@ func ptypedesc(pt uint16) string {
 	return proto
 }
 
-func opdesc(op uint16) string {
+func opdesc(op Operation) string {
 	var opdesc string
 	switch op {
-	case 1:
+	case OperationRequest:
 		opdesc = "request"
-	case 2:
+	case OperationReply:
 		opdesc = "reply"
 	default:
 		opdesc = "Unknown"

mpcapng/write.go

@@ -28,11 +28,11 @@ const (
 	ifNameCode      uint16 = 0x0002
 	ifDescCode      uint16 = 0x0003
 	ifMACCode       uint16 = 0x0006
-	ifTsResCode     uint16 = 0x0009
+	ifTSResCode     uint16 = 0x0009
 	ifFilterCode    uint16 = 0x000b
 	ifOSCode        uint16 = 0x000c
 	epbBlockType    uint32 = 0x00000006
-	interfaceId     uint32 = 0x00000000 // only support one IDB
+	interfaceID     uint32 = 0x00000000 // only support one IDB
 )
 
 var (
@@ -223,7 +223,7 @@ func (pw *Writer) writeIdbOptions(in *net.Interface, expr string) ([]byte, error
 		binary.Write(buf, nativeEndian, in.HardwareAddr)
 	}
 	buf.Write(bytes.Repeat(zero, 2))
-	binary.Write(buf, nativeEndian, ifTsResCode)
+	binary.Write(buf, nativeEndian, ifTSResCode)
 	binary.Write(buf, nativeEndian, uint16(1))
 	binary.Write(buf, nativeEndian, timeRes)
 	buf.Write(bytes.Repeat(zero, 3))
@@ -248,7 +248,7 @@ func (pw *Writer) WritePacket(timestamp time.Time, data []byte) error {
 	blockLen := 4 + 4 + 4 + 4 + 4 + 4 + 4 + packetLen + 4
 	binary.Write(pw.w, nativeEndian, epbBlockType)
 	binary.Write(pw.w, nativeEndian, uint32(blockLen))
-	binary.Write(pw.w, nativeEndian, interfaceId)
+	binary.Write(pw.w, nativeEndian, interfaceID)
 	msecs := uint64(timestamp.UnixMilli())
 	binary.Write(pw.w, nativeEndian, uint32(msecs>>32))
 	binary.Write(pw.w, nativeEndian, uint32(msecs&(1<<32-1)))

mshark.go

@@ -1,3 +1,4 @@
+// Package mshark is a simple packet capture tool
 package mshark
 
 import (
@@ -220,10 +221,7 @@ func OpenLive(conf *Config, pw ...PacketWriter) error {
 	}()
 
 	// number of packets
-	count := conf.PacketCount
-	if count < 0 {
-		count = 0
-	}
+	count := max(0, conf.PacketCount)
 	infinity := count == 0
 
 	b := make([]byte, conf.Snaplen)

native/native.go

@@ -1,3 +1,4 @@
+// Package native determines host machine endianness
 package native
 
 import (