feat: added hsrpv2 support layer#5032
Open
pengsies wants to merge 8 commits into
Open
Conversation
AI-Assisted: no
…er for ipv4/ipv6) AI-Assisted: yes (OpenAI Codex)
AI-Assisted: no
AI-Assisted: yes (OpenAI Codex)
AI-Assisted: no
AI-Assisted: yes (OpenAI Codex)
Contributor
|
Thanks for the PR! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
context
hi! This is my first pull request to an open-source project, so please let me know if there is anything I should adjust.
so while working with HSRP packet building for a poc in my uni's hsrp network security project, i noticed that scapy’s existing hsrp layer supports the classic hsrpv1 packet format, but not the tlv-based format of hsrpv2. of course, because Scapy does not currently expose a native hsrpv2 layer, this means that packets of that nature would have to be constructed manually as raw udp payloads which was what i did. for example, the group state tlv and text authentication tlv need to be packed manually before being attached as
Raw(load=...)..but in any case, i thought that it would be neat if ____, so i ____.thought it would be useful for Scapy to support hsrpv2 directly, which resulted in this small contribution :D
tldr; PR adds a hsrpv2 support layer without changing any existing hsrpv1 packet model(s).
description
PR adds native hsrpv2 tlv support, and includes:
notes
previous behavior is intended to remain unchanged.
for ipv4 hsrpv2, UDP:1985 is shared with hsrpv1. because of that, i thought that Scapy should not automatically change the ipv4 destination address default to
224.0.0.102in case it was meant for hsrpv1. this would mean that when building ipv4 hsrpv2 packets, users should explicitly set the multicast destination as:instead of relying scapy to infer the destination automatically usually as shown below
however, for IPv6 HSRPv2, there would be no issue, as this change would automatically binds hsrpv2 to UDP:2029 and
ff02::66.MD5 Authentication tlvs are currently preserved as unknown tlvs rather than fully dissected, pending verified packet captures or specification confirmation for the exact ivp4/ipv6 layout.
tests
on top of existing hsrpv1 tests, i checked for:
closing remarks!
thanks for reviewing! please do let me know if there are any remarks or changes that i might need to make