Allow gratuitous ARP requests.

[Dimi1010]

This PR is a potential implementation of #1682.

Specific header constructors

ArpLayer has been expanded with constructors accepting the following structures that build a respective ARP header inside the layer.

• ArpRequest
• ArpReply
• GratuitousArpRequest
• GratuitousArpReply

[codecov]

Codecov Report

Attention: Patch coverage is 95.94595% with 6 lines in your changes missing coverage. Please review.

Project coverage is 83.15%. Comparing base (d60c699) to head (6cffe96).

Files with missing lines	Patch %	Lines
Examples/ArpSpoofing/main.cpp	0.00%	3 Missing ⚠️
Packet++/src/ArpLayer.cpp	93.61%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##              dev    #1684      +/-   ##
==========================================
+ Coverage   83.11%   83.15%   +0.03%     
==========================================
  Files         277      277              
  Lines       48207    48315     +108     
  Branches    10192     9959     -233     
==========================================
+ Hits        40069    40174     +105     
- Misses       7243     7258      +15     
+ Partials      895      883      -12     

Flag	Coverage Δ
alpine320	75.14% <90.12%> (+0.03%)	⬆️
fedora40	75.15% <90.12%> (-0.01%)	⬇️
macos-13	80.66% <96.50%> (+0.04%)	⬆️
macos-14	80.66% <96.50%> (+0.04%)	⬆️
macos-15	80.64% <96.50%> (+0.04%)	⬆️
mingw32	70.81% <78.26%> (-0.05%)	⬇️
mingw64	70.78% <78.26%> (-0.04%)	⬇️
npcap	85.25% <95.23%> (+<0.01%)	⬆️
rhel94	75.03% <88.88%> (+0.05%)	⬆️
ubuntu2004	58.53% <54.19%> (-0.06%)	⬇️
ubuntu2004-zstd	58.65% <54.19%> (-0.04%)	⬇️
ubuntu2204	74.92% <88.88%> (+0.02%)	⬆️
ubuntu2204-icpx	61.55% <81.48%> (+0.10%)	⬆️
ubuntu2404	75.18% <90.12%> (+0.02%)	⬆️
unittest	83.15% <95.94%> (+0.03%)	⬆️
windows-2019	85.29% <95.23%> (+<0.01%)	⬆️
windows-2022	85.31% <95.23%> (+<0.01%)	⬆️
winpcap	85.28% <95.23%> (+0.01%)	⬆️
xdp	50.60% <85.18%> (+0.07%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[seladb]

@Dimi1010 the main issue I see with this approach is that it's quite strict and limits users to specific options to create ARP messages. Creating a non-standard ARP message is not possible unless they use the deprecated c'tor.

My suggestion here keeps the existing c'tor which gives the most freedom while creating another c'tor for gratuitous ARP requests which AFAIK are quite rarely used (no one requested it until now, even though ARP exists for many years in PcapPlusPlus)

[Dimi1010]

@Dimi1010 the main issue I see with this approach is that it's quite strict and limits users to specific options to create ARP messages. Creating a non-standard ARP message is not possible unless they use the deprecated c'tor.

My suggestion here keeps the existing c'tor which gives the most freedom while creating another c'tor for gratuitous ARP requests which AFAIK are quite rarely used (no one requested it until now, even though ARP exists for many years in PcapPlusPlus)

Deprecating the current ctor is not really a requirement, I deprecated it because people might have been relying on the zeroing the target MAC functionality.

The new private ctor can also be exposed to allow ppl to construct whatever packets they want, which would probably work better, as the MAC addr wont be zeroed out under their feet if they dont want it.

[seladb]

ing the current ctor is not really a requirement, I deprecated it because people might have been relying on the zeroing the target MAC functionality.

The new private ctor can also be exposed to

When I think about it, maybe we can just remove zeroing out targetMacAddr in computeCalculateFields() because we don't do it anywhere else 🤔

We probably need to update some tests and examples that use ARP (like Arping) which assume an ARP request always has a targetMacAddr of zero, but maybe that's the most flexible solution that provides a viable fix. The downside is that it's a breaking change for everyone who assumes it's zerod...

[Dimi1010]

When I think about it, maybe we can just remove zeroing out targetMacAddr in computeCalculateFields() because we don't do it anywhere else 🤔

We probably need to update some tests and examples that use ARP (like Arping) which assume an ARP request always has a targetMacAddr of zero, but maybe that's the most flexible solution that provides a viable fix. The downside is that it's a breaking change for everyone who assumes it's zerod...

I can make the ArpLayer(ArpOpcode opCode, const MacAddress& senderMacAddr, const IPv4Address& senderIpAddr, const MacAddress& targetMacAddr, const IPv4Address& targetIpAddr); constructor public. It would allow a gentler transition for those that use the zeroing, as the old one will be flagged as deprecated to allow them time to transition.

Also a standard ARP request should have the target mac zeroed. It is in the spec.

[seladb]

When I think about it, maybe we can just remove zeroing out targetMacAddr in computeCalculateFields() because we don't do it anywhere else 🤔
We probably need to update some tests and examples that use ARP (like Arping) which assume an ARP request always has a targetMacAddr of zero, but maybe that's the most flexible solution that provides a viable fix. The downside is that it's a breaking change for everyone who assumes it's zerod...

I can make the ArpLayer(ArpOpcode opCode, const MacAddress& senderMacAddr, const IPv4Address& senderIpAddr, const MacAddress& targetMacAddr, const IPv4Address& targetIpAddr); constructor public. It would allow a gentler transition for those that use the zeroing, as the old one will be flagged as deprecated to allow them time to transition.

Also a standard ARP request should have the target mac zeroed. It is in the spec.

You convinced me 🙂
If we keep the existing c'tor (not deprecated) then I guess we can add the additional c'tors with specific messages, and remove zeroing targetMacAddr

[seladb]

There are also ARP layers generated in 3 places in ArpSpoofing that we can modify: https://github.com/seladb/PcapPlusPlus/blob/feba0b7124a4536ec2a0a947bc96c146ada099d7/Examples/ArpSpoofing/main.cpp

[seladb]

You can use ArpResponsePacket.dat

[Dimi1010]

Sure, but why is the packet size 60 in EthAndArpPacketParsing? 14 (EthLayer) +28 (ArpLayer) makes 42, no?

[seladb]

Good question, the extra is Ethernet trailer, as you can see in ArpResponsePacket.pcap. But it is still a valid ARP response packet

[tigercosmos]

ARP response can have random length padding at the end, which also confused me before.