robgonnella · robgonnella · Aug 7, 2023
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -20,7 +20,7 @@ jobs:
           go-version: '1.19'
 
       - name: Install make
-        run: sudo apt update && sudo apt install -y make
+        run: sudo apt update && sudo apt install -y make libpcap-dev
 
       - name: Build
         run: make

diff --git a/go.mod b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/apenella/go-ansible v1.1.7
 	github.com/gdamore/tcell/v2 v2.6.0
 	github.com/golang/mock v1.6.0
-	github.com/imdario/mergo v0.3.16
+	github.com/google/gopacket v1.1.19
 	github.com/jackpal/gateway v1.0.10
 	github.com/projectdiscovery/mapcidr v1.1.2
 	github.com/rivo/tview v0.0.0-20230621164836-6cc0565babaf

diff --git a/go.sum b/go.sum
@@ -155,6 +155,8 @@ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
+github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
@@ -203,8 +205,6 @@ github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2p
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
-github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=

diff --git a/internal/core/core_test.go b/internal/core/core_test.go
@@ -26,6 +26,7 @@ func TestCore(t *testing.T) {
 
 	mockScanner := mock_discovery.NewMockScanner(ctrl)
 	mockDetailsScanner := mock_discovery.NewMockDetailScanner(ctrl)
+	mockPacketScanner := mock_discovery.NewMockPacketScanner(ctrl)
 	mockConfig := mock_config.NewMockService(ctrl)
 	mockServerService := mock_server.NewMockService(ctrl)
 
@@ -40,6 +41,7 @@ func TestCore(t *testing.T) {
 	discoveryService := discovery.NewScannerService(
 		mockScanner,
 		mockDetailsScanner,
+		mockPacketScanner,
 		mockServerService,
 	)
 
@@ -223,6 +225,7 @@ func TestCore(t *testing.T) {
 		wg := sync.WaitGroup{}
 		wg.Add(5)
 
+		mockPacketScanner.EXPECT().ListenForPackets(gomock.Any())
 		mockServerService.EXPECT().StreamEvents(gomock.Any()).Return(1)
 		mockServerService.EXPECT().
 			GetAllServersInNetworkTargets(conf.Targets).

diff --git a/internal/core/create.go b/internal/core/create.go
@@ -83,17 +83,24 @@ func CreateNewAppCore(networkInfo *util.NetworkInfo) (*Core, error) {
 	serverRepo := server.NewSqliteRepo(db)
 	serverService := server.NewService(*conf, serverRepo)
 
-	netScanner, err := discovery.NewNetScanner(conf.Targets)
+	netScanner, err := discovery.NewNetScanner(networkInfo, conf.Targets)
 
 	if err != nil {
 		return nil, err
 	}
 
 	detailScanner := discovery.NewAnsibleIpScanner(*conf)
 
+	packetScanner, err := discovery.NewPCapScanner(conf.Targets, networkInfo)
+
+	if err != nil {
+		return nil, err
+	}
+
 	scannerService := discovery.NewScannerService(
 		netScanner,
 		detailScanner,
+		packetScanner,
 		serverService,
 	)
 

diff --git a/internal/core/monitor.go b/internal/core/monitor.go
@@ -43,6 +43,7 @@ func (c *Core) handleServerEvent(evt *event.Event) {
 	fields := map[string]interface{}{
 		"type":     evt.Type,
 		"id":       payload.ID,
+		"mac":      payload.MAC,
 		"hostname": payload.Hostname,
 		"os":       payload.OS,
 		"ip":       payload.IP,

diff --git a/internal/discovery/interface.go b/internal/discovery/interface.go
@@ -1,14 +1,23 @@
 package discovery
 
-import "context"
+import (
+	"context"
 
-//go:generate mockgen -destination=../mock/discovery/mock_discovery.go -package=mock_discovery . DetailScanner,Scanner
+	"github.com/robgonnella/ops/internal/server"
+)
+
+//go:generate mockgen -destination=../mock/discovery/mock_discovery.go -package=mock_discovery . DetailScanner,PacketScanner,Scanner
 
 // DetailScanner interface for gathering more details about a device
 type DetailScanner interface {
 	GetServerDetails(ctx context.Context, ip string) (*Details, error)
 }
 
+// PacketScanner
+type PacketScanner interface {
+	ListenForPackets(resultChan chan *server.Server)
+}
+
 // Scanner interface for scanning a network for devices
 type Scanner interface {
 	Scan(resultChan chan *DiscoveryResult) error

diff --git a/internal/discovery/net.go b/internal/discovery/net.go
@@ -13,6 +13,7 @@ import (
 	"github.com/projectdiscovery/mapcidr"
 	"github.com/robgonnella/ops/internal/logger"
 	"github.com/robgonnella/ops/internal/server"
+	"github.com/robgonnella/ops/internal/util"
 )
 
 var cidrSuffix = regexp.MustCompile(`\/\d{2}$`)
@@ -24,7 +25,7 @@ type NetScanner struct {
 	log       logger.Logger
 }
 
-func NewNetScanner(targets []string) (*NetScanner, error) {
+func NewNetScanner(networkInfo *util.NetworkInfo, targets []string) (*NetScanner, error) {
 	ipList := []string{}
 
 	for _, t := range targets {

diff --git a/internal/discovery/pcap.go b/internal/discovery/pcap.go
@@ -0,0 +1,99 @@
+package discovery
+
+import (
+	"context"
+
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+	"github.com/google/gopacket/pcap"
+	"github.com/projectdiscovery/mapcidr"
+	"github.com/robgonnella/ops/internal/logger"
+	"github.com/robgonnella/ops/internal/server"
+	"github.com/robgonnella/ops/internal/util"
+)
+
+type PCapScanner struct {
+	ctx          context.Context
+	cancel       context.CancelFunc
+	networkInfo  *util.NetworkInfo
+	targets      []string
+	handle       *pcap.Handle
+	packetSource *gopacket.PacketSource
+	log          logger.Logger
+}
+
+func NewPCapScanner(
+	targets []string,
+	networkInfo *util.NetworkInfo,
+) (*PCapScanner, error) {
+	ipList := []string{}
+
+	for _, t := range targets {
+		if cidrSuffix.MatchString(t) {
+			ips, err := mapcidr.IPAddresses(t)
+
+			if err != nil {
+				return nil, err
+			}
+
+			ipList = append(ipList, ips...)
+		} else {
+			ipList = append(ipList, t)
+		}
+	}
+
+	handle, err := pcap.OpenLive(
+		networkInfo.Interface.Name,
+		int32(networkInfo.Interface.MTU),
+		true,
+		pcap.BlockForever,
+	)
+
+	if err != nil {
+		return nil, err
+	}
+
+	packetSource := gopacket.NewPacketSource(handle, layers.LinkTypeEthernet)
+
+	ctx, cancel := context.WithCancel(context.Background())
+
+	return &PCapScanner{
+		ctx:          ctx,
+		cancel:       cancel,
+		networkInfo:  networkInfo,
+		targets:      ipList,
+		handle:       handle,
+		packetSource: packetSource,
+		log:          logger.New(),
+	}, nil
+}
+
+func (s *PCapScanner) Stop() {
+	s.cancel()
+	s.handle.Close()
+}
+
+func (s *PCapScanner) ListenForPackets(res chan *server.Server) {
+	for packet := range s.packetSource.Packets() {
+		ipLayer := packet.Layer(layers.LayerTypeIPv4)
+		ethLayer := packet.Layer(layers.LayerTypeEthernet)
+
+		if ipLayer == nil || ethLayer == nil {
+			continue
+		}
+
+		ipv4 := ipLayer.(*layers.IPv4)
+		eth := ethLayer.(*layers.Ethernet)
+
+		if ipv4.SrcIP.Equal(s.networkInfo.UserIP) {
+			continue
+		}
+
+		srcIP := ipv4.SrcIP.String()
+		srcMAC := eth.SrcMAC.String()
+
+		if util.SliceIncludes(s.targets, srcIP) {
+			res <- &server.Server{IP: srcIP, MAC: srcMAC}
+		}
+	}
+}
diff --git a/internal/discovery/service.go b/internal/discovery/service.go
@@ -14,6 +14,7 @@ type ScannerService struct {
 	cancel        context.CancelFunc
 	scanner       Scanner
 	detailScanner DetailScanner
+	packetScanner PacketScanner
 	serverService server.Service
 	log           logger.Logger
 }
@@ -22,6 +23,7 @@ type ScannerService struct {
 func NewScannerService(
 	scanner Scanner,
 	detailScanner DetailScanner,
+	packetScanner PacketScanner,
 	serverService server.Service,
 ) *ScannerService {
 	log := logger.New()
@@ -34,6 +36,7 @@ func NewScannerService(
 		cancel:        cancel,
 		scanner:       scanner,
 		detailScanner: detailScanner,
+		packetScanner: packetScanner,
 		serverService: serverService,
 		log:           log,
 	}
@@ -59,6 +62,10 @@ func (s *ScannerService) Stop() {
 func (s *ScannerService) pollNetwork() {
 	ticker := time.NewTicker(time.Second * 30)
 	resultChan := make(chan *DiscoveryResult)
+	packetResults := make(chan *server.Server)
+
+	// start listening for packet updates
+	go s.packetScanner.ListenForPackets(packetResults)
 
 	// start first scan
 	// always scan in goroutine to prevent blocking result channel
@@ -77,6 +84,13 @@ func (s *ScannerService) pollNetwork() {
 			return
 		case r := <-resultChan:
 			s.handleDiscoveryResult(r)
+		case r := <-packetResults:
+			if err := s.serverService.UpdateMACByIP(r); err != nil {
+				s.log.Error().
+					Err(err).
+					Interface("req", r).
+					Msg("failed to update server")
+			}
 		case <-ticker.C:
 			// always scan in goroutine to prevent blocking result channel
 			go func() {

diff --git a/internal/discovery/service_test.go b/internal/discovery/service_test.go
@@ -19,11 +19,13 @@ func TestDiscoveryService(t *testing.T) {
 	t.Run("monitors network for offline servers", func(st *testing.T) {
 		mockScanner := mock_discovery.NewMockScanner(ctrl)
 		mockDetailScanner := mock_discovery.NewMockDetailScanner(ctrl)
+		mockPacketScanner := mock_discovery.NewMockPacketScanner(ctrl)
 		mockServerService := mock_server.NewMockService(ctrl)
 
 		service := discovery.NewScannerService(
 			mockScanner,
 			mockDetailScanner,
+			mockPacketScanner,
 			mockServerService,
 		)
 
@@ -41,6 +43,7 @@ func TestDiscoveryService(t *testing.T) {
 			Ports:    []discovery.Port{port},
 		}
 
+		mockPacketScanner.EXPECT().ListenForPackets(gomock.Any())
 		mockScanner.EXPECT().Scan(gomock.Any()).DoAndReturn(func(rchan chan *discovery.DiscoveryResult) error {
 			go func() {
 				rchan <- result
@@ -60,11 +63,13 @@ func TestDiscoveryService(t *testing.T) {
 	t.Run("monitors network for online servers", func(st *testing.T) {
 		mockScanner := mock_discovery.NewMockScanner(ctrl)
 		mockDetailScanner := mock_discovery.NewMockDetailScanner(ctrl)
+		mockPacketScanner := mock_discovery.NewMockPacketScanner(ctrl)
 		mockServerService := mock_server.NewMockService(ctrl)
 
 		service := discovery.NewScannerService(
 			mockScanner,
 			mockDetailScanner,
+			mockPacketScanner,
 			mockServerService,
 		)
 
@@ -91,6 +96,7 @@ func TestDiscoveryService(t *testing.T) {
 			SshStatus: server.SSHDisabled,
 		}
 
+		mockPacketScanner.EXPECT().ListenForPackets(gomock.Any())
 		mockScanner.EXPECT().Scan(gomock.Any()).DoAndReturn(func(rchan chan *discovery.DiscoveryResult) error {
 			go func() {
 				rchan <- result
@@ -110,11 +116,13 @@ func TestDiscoveryService(t *testing.T) {
 	t.Run("requests extra details when ssh is enabled", func(st *testing.T) {
 		mockScanner := mock_discovery.NewMockScanner(ctrl)
 		mockDetailScanner := mock_discovery.NewMockDetailScanner(ctrl)
+		mockPacketScanner := mock_discovery.NewMockPacketScanner(ctrl)
 		mockServerService := mock_server.NewMockService(ctrl)
 
 		service := discovery.NewScannerService(
 			mockScanner,
 			mockDetailScanner,
+			mockPacketScanner,
 			mockServerService,
 		)
 
@@ -146,6 +154,7 @@ func TestDiscoveryService(t *testing.T) {
 			SshStatus: server.SSHEnabled,
 		}
 
+		mockPacketScanner.EXPECT().ListenForPackets(gomock.Any())
 		mockScanner.EXPECT().Scan(gomock.Any()).DoAndReturn(func(rchan chan *discovery.DiscoveryResult) error {
 			go func() {
 				rchan <- result