From 677897c50c3d3914ab6bb8be4ff3ccc9d63b11ce Mon Sep 17 00:00:00 2001 From: maride Date: Thu, 28 Nov 2019 19:38:41 +0100 Subject: [PATCH] Split DHCP request/response code into separate files --- ethernet/dhcpv4/dhcp.go | 81 +------------------------------------ ethernet/dhcpv4/request.go | 21 ++++++++++ ethernet/dhcpv4/response.go | 79 ++++++++++++++++++++++++++++++++++++ 3 files changed, 102 insertions(+), 79 deletions(-) create mode 100644 ethernet/dhcpv4/request.go create mode 100644 ethernet/dhcpv4/response.go diff --git a/ethernet/dhcpv4/dhcp.go b/ethernet/dhcpv4/dhcp.go index 5032b8b..37bdfa4 100644 --- a/ethernet/dhcpv4/dhcp.go +++ b/ethernet/dhcpv4/dhcp.go @@ -1,16 +1,9 @@ package dhcpv4 import ( - "fmt" "github.com/fatih/color" "github.com/google/gopacket" "github.com/google/gopacket/layers" - "log" -) - -var ( - requestMAC []string - responses []dhcpResponse ) // Called on every DHCP (v4) packet @@ -42,10 +35,10 @@ func HandleDHCPv4Packet(packet gopacket.Packet) error { // Examine packet further if dhcppacket.Operation == layers.DHCPOpRequest { // Request packet - requestMAC = appendIfUnique(dhcppacket.ClientHWAddr.String(), requestMAC) + processRequestPacket(dhcppacket) } else { // Response/Offer packet - addResponseEntry(dhcppacket.ClientIP.String(), dhcppacket.YourClientIP.String(), dhcppacket.ClientHWAddr.String(), ethernetpacket.SrcMAC.String()) + processResponsePacket(dhcppacket, ethernetpacket) } return nil 
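Review bot: The `else` branch in this hunk hands every packet whose Operation is not `layers.DHCPOpRequest` to processResponsePacket, so a frame carrying an op code outside the two defined values is recorded as a server reply and feeds the duplicate-lease warnings. The packet contents come straight from the capture, so I would make the second branch explicit, `} else if dhcppacket.Operation == layers.DHCPOpReply {`, and skip or separately count anything else. HandleDHCPv4Packet starts and ends outside the hunk, so whether the op code is validated earlier is not visible here.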
@@ -59,73 +52,3 @@ func PrintDHCPv4Summary() {
 headline.Println("DHCP Responses/Offers")
 printResponseSummary()
 }
-
-// Prints the summary of all DHCP request packets
-func printRequestSummary() {
- fmt.Printf("%d unique DHCP requests\n", len(requestMAC))
- printTree(requestMAC)
-}
-
-// Prints the summary of all DHCP offer packets
-func printResponseSummary() {
- var tmpaddr []string
-
- // Iterate over all responses
- for _, r := range responses {
- addition := ""
-
- if r.askedFor {
- addition = " which the client explicitly asked for."
- }
-
- tmpaddr = append(tmpaddr, fmt.Sprintf("%s offered %s IP address %s%s", r.serverMACAddr, r.destMACAddr, r.newIPAddr, addition))
- }
-
- // Draw as tree
- printTree(tmpaddr)
-}
-
-// Adds a new response entry. If an IP address was already issued or a MAC asks multiple times for DNS, the case is examined further
-func addResponseEntry(newIP string, yourIP string, destMAC string, serverMAC string) {
- // Check if client asked for a specific address (which was granted by the DHCP server)
- askedFor := false
- if newIP == "0.0.0.0" {
- // Yes, client asked for a specific address. Most likely not the first time in this network.
- newIP = yourIP
- askedFor = true
- }
-
- for _, r := range responses {
- // Check for interesting cases
- if r.destMACAddr == destMAC {
- // The same client device received multiple IP addresses, let's examine further
- if r.newIPAddr == newIP {
- // the handed IP is the same - this is ok, just badly configured
- if r.serverMACAddr == serverMAC {
- // Same DHCP server answered.
- log.Printf("MAC address %s received the same IP address multiple times via DHCP by the same server.", destMAC)
- } else {
- // Different DHCP servers answered, but with the same address - strange network, but ok...
- log.Printf("MAC address %s received the same IP address multiple times via DHCP by different servers.", destMAC)
- }
- } else {
- // far more interesting - one client received multiple addresses
- if r.serverMACAddr == serverMAC {
- // Same DHCP server answered.
- log.Printf("MAC address %s received different IP addresses (%s, %s) multiple times via DHCP by the same server.", destMAC, r.newIPAddr, newIP)
- } else {
- // Different DHCP servers answered, with different addresses - possibly an attempt to build up MitM
- log.Printf("MAC address %s received different IP addresses (%s, %s) multiple times via DHCP by different servers (%s, %s).", destMAC, r.newIPAddr, newIP, r.serverMACAddr, serverMAC)
- }
- }
- }
- }
-
- // Add a response entry - even if we found some "strange" behavior before.
- responses = append(responses, dhcpResponse{
- destMACAddr: destMAC,
- newIPAddr: newIP,
- serverMACAddr: serverMAC,
- askedFor: askedFor,
- })
-}
\ No newline at end of file
diff --git a/ethernet/dhcpv4/request.go b/ethernet/dhcpv4/request.go
new file mode 100644
index 0000000..459d767
--- /dev/null
+++ b/ethernet/dhcpv4/request.go
@@ -0,0 +1,21 @@
+package dhcpv4
+
+import (
+ "fmt"
+ "github.com/google/gopacket/layers"
+)
+
+var (
+ requestMAC []string
+)
+
+// Processes the DHCP request packet handed over
+func processRequestPacket(dhcppacket layers.DHCPv4) {
+ requestMAC = appendIfUnique(dhcppacket.ClientHWAddr.String(), requestMAC)
+}
+
+// Prints the summary of all DHCP request packets
+func printRequestSummary() {
+ fmt.Printf("%d unique DHCP requests\n", len(requestMAC))
+ printTree(requestMAC)
+}
diff --git a/ethernet/dhcpv4/response.go b/ethernet/dhcpv4/response.go
new file mode 100644
index 0000000..d01726f
--- /dev/null
+++ b/ethernet/dhcpv4/response.go
@@ -0,0 +1,79 @@
+package dhcpv4
+
+import (
+ "fmt"
+ "github.com/google/gopacket/layers"
+ "log"
+)
+
+var (
+ responses []dhcpResponse
+)
+
+func processResponsePacket(dhcppacket layers.DHCPv4, ethernetpacket layers.Ethernet) {
+ addResponseEntry(dhcppacket.ClientIP.String(), dhcppacket.YourClientIP.String(), dhcppacket.ClientHWAddr.String(), ethernetpacket.SrcMAC.String())
+}
+
+// Prints the summary of all DHCP offer packets
+func printResponseSummary() {
+ var tmpaddr []string
+
+ // Iterate over all responses
+ for _, r := range responses {
+ addition := ""
+
+ if r.askedFor {
+ addition = " which the client explicitly asked for."
+ }
+
+ tmpaddr = append(tmpaddr, fmt.Sprintf("%s offered %s IP address %s%s", r.serverMACAddr, r.destMACAddr, r.newIPAddr, addition))
+ }
+
+ // Draw as tree
+ printTree(tmpaddr)
+}
+
+// Adds a new response entry. If an IP address was already issued or a MAC asks multiple times for DNS, the case is examined further
+func addResponseEntry(newIP string, yourIP string, destMAC string, serverMAC string) {
+ // Check if client asked for a specific address (which was granted by the DHCP server)
+ askedFor := false
+ if newIP == "0.0.0.0" {
+ // Yes, client asked for a specific address. Most likely not the first time in this network.
+ newIP = yourIP
+ askedFor = true
+ }
+
+ for _, r := range responses {
+ // Check for interesting cases
+ if r.destMACAddr == destMAC {
+ // The same client device received multiple IP addresses, let's examine further
+ if r.newIPAddr == newIP {
+ // the handed IP is the same - this is ok, just badly configured
+ if r.serverMACAddr == serverMAC {
+ // Same DHCP server answered.
+ log.Printf("MAC address %s received the same IP address multiple times via DHCP by the same server.", destMAC)
+ } else {
+ // Different DHCP servers answered, but with the same address - strange network, but ok...
+ log.Printf("MAC address %s received the same IP address multiple times via DHCP by different servers.", destMAC)
+ }
+ } else {
+ // far more interesting - one client received multiple addresses
+ if r.serverMACAddr == serverMAC {
+ // Same DHCP server answered.
+ log.Printf("MAC address %s received different IP addresses (%s, %s) multiple times via DHCP by the same server.", destMAC, r.newIPAddr, newIP)
+ } else {
+ // Different DHCP servers answered, with different addresses - possibly an attempt to build up MitM
+ log.Printf("MAC address %s received different IP addresses (%s, %s) multiple times via DHCP by different servers (%s, %s).", destMAC, r.newIPAddr, newIP, r.serverMACAddr, serverMAC)
+ }
+ }
+ }
+ }
+
+ // Add a response entry - even if we found some "strange" behavior before.
+ responses = append(responses, dhcpResponse{
+ destMACAddr: destMAC,
+ newIPAddr: newIP,
+ serverMACAddr: serverMAC,
+ askedFor: askedFor,
+ })
+}
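Review bot: addResponseEntry is reached for every reply, not only offers, and it identifies the server by the Ethernet source MAC, which weakens the "different servers" warning that is meant to point at a possible MitM. A normal Offer followed by an ACK for the same lease will log "received the same IP address multiple times ... by the same server", and replies forwarded by a relay or router carry that device's MAC, so two distinct DHCP servers behind it would look like one. Consider reading the message type and Server Identifier options from the DHCPv4 layer and comparing on those; until then a comment such as `// Called for every BOOTREPLY (Offer, ACK, NAK); serverMAC is the Ethernet source, not the DHCP server identifier` on processResponsePacket, which has no doc comment, would state the limitation. The comment on addResponseEntry also says "DNS" where "DHCP" is presumably meant.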