$100 for MAC prefix to vendor resolution

infofarmer · Nov 20, 2010, 9:35 PM

It is often helpful to know the vendor based on the first 3 bytes of a MAC address.

$100 for introducing the resolution to vendor names in all parts of the interface. Visually, I think it is important for vendor names to be visible at once. As for the byte values, they may be left visible, or available in a tooltip.

/usr/local/share/nmap/nmap-mac-prefixes from nmap can be used as a good starting point for the MAC-vendor database.

jimp · Nov 22, 2010, 4:28 PM

It's a good idea, but you may just need to be a bit more specific about where you want to see this. "All areas" is too vague to do a proper assessment.

I assume you mean areas like the DHCP Leases view, the ARP table view, maybe the routing table view, and so on, but it would be easier for a potential developer to take this on if they know exactly what you expect.

infofarmer · Nov 22, 2010, 6:52 PM

Right, the most obvious places would suffice. I hope the taker will just grep the frontend code to see all possible places, but not a show-stopper if a few obscure ones get left behind.

Eugene · Nov 23, 2010, 5:39 AM

I think I can take it.
Places I've found:

Status->Interfaces
Status->DHCP leases
Diagnostics->ARP table

Anything else?

Eugene · Nov 24, 2010, 6:23 AM

This patch assumes that nmap package is installed and MAC->Vendor translation is done based on file /usr/local/share/nmap/nmap-mac-prefixes. If this package is not installed and the file does not exist then nothing breaks, you just still see MAC-addresses.

Sorry, can't push it to rcs.pfsense.org as port 22 is blocked for me and it seems you do not support git-push over http(s).

diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 5d1bbc3..b277632 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -2121,4 +2121,28 @@ function filter_rules_compare($a, $b) {
                return compare_interface_friendly_names($a['interface'], $b['interface']);
 }

+/****f* pfsense-utils/load_mac_manufacturer_table
+ * NAME
+ *   load_mac_manufacturer_table
+ * INPUTS
+ *   none
+ * RESULT
+ *   returns associative array with MAC-Manufacturer pairs
+ ******/
+function load_mac_manufacturer_table() {
+       /* load MAC-Manufacture data from the file */
+       $macs=file("/usr/local/share/nmap/nmap-mac-prefixes");
+       if ($macs){
+               foreach ($macs as $line){
+                       if (preg_match('/([0-9A-Fa-f]{6}) (.*)$/', $line, $matches)){
+                               /* store values like this $mac_man['000C29']='VMware' */
+                               $mac_man["$matches[1]"]=$matches[2];
+                       }
+               }
+               return $mac_man;
+       } else
+               return -1;
+
+}
+
 ?>
diff --git a/usr/local/www/diag_arp.php b/usr/local/www/diag_arp.php
index 8a39d3a..46a376b 100755
--- a/usr/local/www/diag_arp.php
+++ b/usr/local/www/diag_arp.php
@@ -283,6 +283,8 @@ foreach ($data as &$entry) {
 // Sort the data alpha first
 $data = msort($data, "dnsresolve");

+// Load MAC-Manufacturer table
+$mac_man = load_mac_manufacturer_table();
 ?>

@@ -298,7 +300,13 @@ $data = msort($data, "dnsresolve");

-                                               
+                                               

+// Load MAC-Manufacturer table
+$mac_man = load_mac_manufacturer_table();
 foreach ($leases as $data) {
        if (($data['act'] == "active") || ($data['act'] == "static") || ($_GET['all'] == 1)) {
                if ($data['act'] != "active" && $data['act'] != "static") {
@@ -353,10 +355,20 @@ foreach ($leases as $data) {
                 }
                echo "\n";
                 echo "\n";
+               $mac=$data['mac'];
+               $mac_hi = strtoupper($mac[0] . $mac[1] . $mac[3] . $mac[4] . $mac[6] . $mac[7]);
                 if ($data['online'] != "online") {
-                        echo "\n";
-                } else {
-                       echo "\n";
+                       if(isset($mac_man[$mac_hi])){ // Manufacturer for this MAC is defined
+                               echo "\n";
+                       }else{
+                               echo "\n";
+                       }
+                }else{
+                       if(isset($mac_man[$mac_hi])){ // Manufacturer for this MAC is defined
+                               echo "\n";
+                       }else{
+                               echo "\n";
+                       }
                 }
                 echo "\n";
                                if ($data['type'] != "static") {
diff --git a/usr/local/www/status_interfaces.php b/usr/local/www/status_interfaces.php
index d6fdced..519d53a 100755
--- a/usr/local/www/status_interfaces.php
+++ b/usr/local/www/status_interfaces.php
@@ -68,6 +68,8 @@ include("head.inc");
        $ifdescrs = get_configured_interface_with_descr(false, true);
        foreach ($ifdescrs as $ifdescr => $ifname):
        $ifinfo = get_interface_info($ifdescr);
+       // Load MAC-Manufacturer table
+       $mac_man = load_mac_manufacturer_table();
 ?>

@@ -160,7 +162,12 @@ include("head.inc");

|  |  | 
+                                               +                                               $mac=$entry['mac'];
+                                               $mac_hi = strtoupper($mac[0] . $mac[1] . $mac[3] . $mac[4] . $mac[6] . $mac[7]);
+                                               if(isset($mac_man[$mac_hi])){ print "{$mac_man[$mac_hi]}"; }
+                                               else{ print $mac; }
+                                               ?>
                                                 | 
                                                                                                                echo str_replace("Z_ ", "", $entry['dnsresolve']);
diff --git a/usr/local/www/status_dhcp_leases.php b/usr/local/www/status_dhcp_leases.php
index 896b1af..915e6f1 100755
--- a/usr/local/www/status_dhcp_leases.php
+++ b/usr/local/www/status_dhcp_leases.php
@@ -320,6 +320,8 @@ foreach ($pools as $data) {
      | [](#) | 
| {$fspans}{$data['ip']}{$fspane}  | {$fspans}[{$data['mac']}](\"services_wol.php?if={$data['if']}&mac={$data['mac']}\" "\"""){$fspane}  | {$fspans}{$data['mac']}{$fspane}  | {$fspans}[{$mac_man[$mac_hi]}](\"services_wol.php?if={$data['if']}&mac=$mac\" "\"""){$fspane}  | {$fspans}[{$data['mac']}](\"services_wol.php?if={$data['if']}&mac={$data['mac']}\" "\"""){$fspane}  | {$fspans}{$mac_man[$mac_hi]}{$fspane}  | {$fspans}{$data['mac']}{$fspane}  | {$fspans}"  . htmlentities($data['hostname']) . "{$fspane}  | 
|  | 
-                       
+                       +                       $mac=$ifinfo['macaddr'];
+                       $mac_hi = strtoupper($mac[0] . $mac[1] . $mac[3] . $mac[4] . $mac[6] . $mac[7]);
+                       if(isset($mac_man[$mac_hi])){ print "" . htmlspecialchars($mac_man[$mac_hi]); print ""; }
+                             else {print htmlspecialchars($mac);}
+                       ?>
                 |

Nov 25, 2010, 8:37 PM

Evgeny,

Great job on that! Let me know once you are compensated for this work and I'll move this topic to "Completed".

Eugene · Nov 25, 2010, 8:44 PM

I believe infofarmer should test it first. As I mentioned earlier I have port 22 blocked at the place I have cloned pfSense to. Tonight I'll try to make a tunnel over 443, push my patches and request a merge. If I am not successful then somebody should commit this changes so people could test them.
Thanks.

Perry · Nov 25, 2010, 9:02 PM

You could make a package instead where you replace the files with yours and install nmap.

Eugene · Nov 25, 2010, 9:12 PM

Do you think it is good idea to modify pfsense-utils.inc by replacing it from a package? especially now when pfSense-2.0 is still beta and this file can be easily changed by any commit…
Probably community should decide on whether we need this functionality at all? It looks nice but is it needed? -)

Eugene · Nov 26, 2010, 4:53 PM

I've requested merge.

eri-- · Dec 2, 2010, 11:16 AM

I am sorry but this can be a package per se and does not need to be in pfSense.
In the package you can put a page same as status->dhcp_leases with your extra changes. This way you make sure nmap is installed.

That is just my opinion.

Eugene · Dec 2, 2010, 2:01 PM

Anyway it seems topic starter is not interested anymore.

Dec 3, 2010, 11:08 AM

So after sending you on that journey, he ended up reneging on the bounty he offered up?

Eugene · Dec 3, 2010, 12:53 PM

@submicron:

So after sending you on that journey, he ended up reneging on the bounty he offered up?

Well… I haven't heard anything from him/her since his/her last post.
I'll probably do a package as ermal and Perry suggested as major job is done here -)

jimp · Dec 3, 2010, 1:37 PM

Give them a little while and if you don't get a response in a few days/weeks, we can always issue a bountypig. ;)

Eugene · Dec 3, 2010, 2:01 PM

I am not sure I know what bountypig is but anyway can we decide on preferable design please? We do not need nmap to be installed for this to work. We need the only one file nmap-mac-prefixes which is a text file with pairs MAC(3 octets) - Vendor name. We can put this file whenever we want and make this stuff independent of nmap package.
So two variants:

It is in 'mainline' but we permanently store mac-prefixes file somewhere.
A package that replaces pfsense-utils.inc, diag_arp.php, status_dhcp_leases.php, status_interfaces.php and installs mac-prefixes file. We can even leave pfsense-utils.inc untouched if we put function load_mac_manufacturer_table() in all of the rest files.

What variant would be preferable?
Thanks.

jimp · Dec 3, 2010, 2:19 PM

What is the license on that nmap file? Is it BSD, MIT, Public Domain, GPL? That may impact if we ship with it or not.

Eugene · Dec 3, 2010, 2:28 PM

@jimp:

What is the license on that nmap file? Is it BSD, MIT, Public Domain, GPL? That may impact if we ship with it or not.

Sorry, I do not know anything about licenses. At the beginning this file states:

Original data comes from http://standards.ieee.org/regauth/oui/oui.txt

These values are known as Organizationally Unique Identifiers (OUIs)

See http://standards.ieee.org/faqs/OUI.html

We have added a few unregistered OUIs at the end.

Can we create our own 'file'? - as I said it is a text file and I believe this information (MAC ranges assigned to manufacturers) is publicly available. We do not have to use this file from nmap.

jimp · Dec 3, 2010, 2:34 PM

If it's an IEEE standard file I think it's OK to use theirs, or make a new one from the raw OUI data. If there is no license stated in the nmap file it may be OK to include theirs regardless.

Eugene · Dec 3, 2010, 4:09 PM

Ok. And finally can we have a final word on what variant is preferable - 1) or 2) please?
Thanks.