raw arp packets in golang os osx/linux
2,520 views
Skip to first unread message
toxicnaan
Feb 9, 2012, 8:28:06 AM2/9/12
to golang-nuts
Hi,
I'm trying to do some arp to ip resolution with go. I need to be able
to send my own arp packets (for various IP's) and wait for the correct
'arp reply'.
Can golang do this, i'm loathed to do it in C if possible ;-) .
Any tips,code snippets, examples or general pointers would be great.
Cheers,
Lee
I'm trying to do some arp to ip resolution with go. I need to be able
to send my own arp packets (for various IP's) and wait for the correct
'arp reply'.
Can golang do this, i'm loathed to do it in C if possible ;-) .
Any tips,code snippets, examples or general pointers would be great.
Cheers,
Lee
Stephen Day
Feb 9, 2012, 10:46:30 AM2/9/12
to golan...@googlegroups.com
This is a really platform specific problem.
For example, on linux, you are going to have to first give yourself CAP_NET_RAW (check man 7 capabilities), then setup a socket with socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ARP)). Most of this information is in man AF_PACKET. Calling the correct incantation from go should be straight forward using the C or syscall interface.
However, you may want to really examine what you are trying to do. Sending out raw ARP packets is a pretty extreme solution to any problem. If you get this wrong, you can bring down a LAN quite easily. If you are trying to respond to other addresses on an interface, which is what I suspect, you may want to look into sub-interfaces. Or, if you just want to take a peak at the arp cache, you can look at /proc/net/arp.
Stephen.
Kyle Lemons
Feb 9, 2012, 2:34:41 PM2/9/12
to Stephen Day, golan...@googlegroups.com
If I'm not mistaken, ARP is an IP-layer packet, and as such can be crafted (with root privileges or the CAP_NET_RAW capability) using net.IPConn
Stephen Day
Feb 9, 2012, 3:56:53 PM2/9/12
to golan...@googlegroups.com, Stephen Day
It's possible that ARP is considered an IP Packet for kernel purposes, but the frame type of an ARP packet is different. Avoiding the philosophical argument, it probably sits somewhere between layer 2 and layer 3, but the actual packet itself is not an IP packet.
Kyle Lemons
Feb 9, 2012, 4:59:20 PM2/9/12
to Stephen Day, golan...@googlegroups.com
It's possible that ARP is considered an IP Packet for kernel purposes, but the frame type of an ARP packet is different. Avoiding the philosophical argument, it probably sits somewhere between layer 2 and layer 3, but the actual packet itself is not an IP packet.
Then I'm wrong. If it doesn't use the IP packet structure, it can't be done with IPConn. I've only ever implemented ARP on an embedded system (and that was awhile ago), and I didn't have any high-level languages to work with :).
Mikio Hara
Feb 10, 2012, 12:25:09 AM2/10/12
to toxicnaan, golang-nuts
On Thu, Feb 9, 2012 at 10:28 PM, toxicnaan <toxi...@gmail.com> wrote:
> I'm trying to do some arp to ip resolution with go. I need to be able
> to send my own arp packets (for various IP's) and wait for the correct
> 'arp reply'.
You may use BPF on BSD variants, LSF or AF_PACKET
socket on Linux.
e.g., <https://github.com/mikioh/go.rawnet>
-- Mikio
Stephen Day
Feb 10, 2012, 4:23:54 PM2/10/12
to golan...@googlegroups.com, toxicnaan
Will he need BPF if the ETH_P_ARP is specified? If he's going that route, a libpcap wrapper might be more appropriate.
Maybe OP can expand on their application?
Mikio Hara
Feb 10, 2012, 10:15:42 PM2/10/12
to Stephen Day, golan...@googlegroups.com, toxicnaan
On Sat, Feb 11, 2012 at 6:23 AM, Stephen Day <stev...@gmail.com> wrote:
> Will he need BPF if the ETH_P_ARP is specified?
Not sure, I guess there is no concrete plan to support
EtherConn like API for Go 1.1 and beyond.
> If he's going that route, a
> libpcap wrapper might be more appropriate.
Perhaps.
> Maybe OP can expand on their application?
What's OP?
Stephen Day
Feb 10, 2012, 10:47:26 PM2/10/12
to golan...@googlegroups.com, Stephen Day, toxicnaan
OP := Original Poster = toxicnaan
Supporting raw ethernet connections in the go standard library is likely unnecessary; there are only a few use cases for it and those that do require raw packet access will want to have tight control over the details. Besides, its easy enough to setup the syscall properly from Go to C such that when it is really needed, the feature would be accessible.
Mikio Hara
Feb 10, 2012, 10:55:49 PM2/10/12
to Stephen Day, golan...@googlegroups.com, toxicnaan
On Sat, Feb 11, 2012 at 12:47 PM, Stephen Day <stev...@gmail.com> wrote:
> OP := Original Poster = toxicnaan
Thank you. I guessed it was a upcoming something new OpenXXX stuff.
Agreed.
toxicnaan
Feb 16, 2012, 1:08:04 PM2/16/12
to golang-nuts
I am the OP! :-)
Application is a ARP scanner, which allows you to scan for machines
not only on your local subnet, any machine on your local layer 2
broadcast segment.
I think this thread has given me enough to get started.
Thanks!
On Feb 11, 3:15 am, Mikio Hara <mikioh.mik...@gmail.com> wrote:
Application is a ARP scanner, which allows you to scan for machines
not only on your local subnet, any machine on your local layer 2
broadcast segment.
I think this thread has given me enough to get started.
Thanks!
On Feb 11, 3:15 am, Mikio Hara <mikioh.mik...@gmail.com> wrote:
Stephen Day
Feb 17, 2012, 11:03:06 AM2/17/12
to golan...@googlegroups.com
No problem.
For your application, however, it might be easier just to ping all the possible hosts on your subnet, then check the arp cache (/proc/net/arp) for entries.
Reply all
Reply to author
Forward
0 new messages