Reputation: 323
I would like to implement a new secure ARP protocol that is immune to ARP poisoning. The new "SecureArp" will hold a signature field that can be checked against an agreed upon hmac function. The scapy definition is as follows:
class SecureArp(Packet):
name = "SecureARP"
fields_desc = [IPField("srcip", None),
MACField("srcmac", None),
IPField("dstip", None),
MACField("dstmac", "00:00:00:00:00:00"),
IntEnumField("opcode", 1, { 1: "request", 2: "response" }),
StrFixedLenField("challenge", "", length=24),
StrFixedLenField("signature", "", length=20)]
The problem I encounter is that when receiving such SecureArp message scapy doesn't parse it at all and leaves the data as "Raw". I read the SecDev documentation about extending to a new protocol and its very unclear. What steps should i take so a SecureArp packet received would be automatically parsed? Thanks
Upvotes: 4
Views: 1052
Reputation: 3356
You'll have to bind your layer to another one in order for scapy to auto dissect it.
Also see scapys ARP implementation.
bind_layers( Ether, ARP, type=2054)
Upvotes: 4