Prevent 'ARP Spoofing' warnings if one of the involved IPs is in the link local block

maride 2019-12-14 11:31:52 +01:00
parent 29aba89b6a
commit 22da3cc934


@ -13,6 +13,10 @@ import (
var ( var (
arpStatsList []arpStats arpStatsList []arpStats
devices []arpDevice devices []arpDevice
linkLocalBlock = net.IPNet{
IP: net.IPv4(169, 254, 0, 0),
Mask: net.IPv4Mask(255, 255, 0, 0),
}
) )
type Protocol struct {} type Protocol struct {}
@ -132,7 +136,13 @@ func (p *Protocol) addDeviceEntry(macaddr string, ipaddr string) {
// check if we found a collision (possible ARP spoofing) // check if we found a collision (possible ARP spoofing)
if (devices[i].macaddr == macaddr) != (devices[i].ipaddr == ipaddr) { if (devices[i].macaddr == macaddr) != (devices[i].ipaddr == ipaddr) {
// this operation is practically XOR (which golang doesn't provide e.g. with ^) // this operation is practically XOR (which golang doesn't provide e.g. with ^)
log.Printf("Found possible ARP spoofing! Old: (MAC=%s, IP=%s), New: (MAC=%s, IP=%s). Overriding...", devices[i].macaddr, devices[i].ipaddr, macaddr, ipaddr)
// Check if one address is in the link-local block (169.254.0.0/16), ignore "ARP spoofing" then
if !linkLocalBlock.Contains(net.ParseIP(devices[i].ipaddr)) && !linkLocalBlock.Contains(net.ParseIP(ipaddr)) {
// The old and the new IP are both outside of the link-local range - we can warn about ARP spoofing
log.Printf("Found possible ARP spoofing! Old: (MAC=%s, IP=%s), New: (MAC=%s, IP=%s). Overriding...", devices[i].macaddr, devices[i].ipaddr, macaddr, ipaddr)
}
devices[i].macaddr = macaddr devices[i].macaddr = macaddr
devices[i].ipaddr = ipaddr devices[i].ipaddr = ipaddr
return return
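Review bot: The new guard in the second hunk also silences the branch where the IP is unchanged and only the MAC differs, so two different MACs claiming the same 169.254.x.x address now overwrite the entry without any log line. The case the commit presumably targets, a host moving between a link-local and a configured address, is the same-MAC, different-IP side of the XOR, so the exemption can be limited to it: `if devices[i].macaddr != macaddr || (!linkLocalBlock.Contains(net.ParseIP(devices[i].ipaddr)) && !linkLocalBlock.Contains(net.ParseIP(ipaddr))) {`. Because the entry is still overwritten on the suppressed path, a lower-severity log line there would keep the change visible to whoever reviews the logs. addDeviceEntry starts and ends outside the hunk, so this is based on the visible lines only.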