I would like to implement a new secure ARP protocol that is immune to ARP poisoning. The new "SecureArp" will hold a signature field that can be checked against an agreed-upon HMAC function. The Scapy definition is as follows:

    from scapy.fields import IPField, MACField, IntEnumField, StrFixedLenField
    from scapy.packet import Packet

    class SecureArp(Packet):
        name = "SecureARP"
        fields_desc = [IPField("srcip", None),
                       MACField("srcmac", None),
                       IPField("dstip", None),
                       MACField("dstmac", "00:00:00:00:00:00"),
                       IntEnumField("opcode", 1, {1: "request", 2: "response"}),
                       StrFixedLenField("challenge", "", length=24),
                       StrFixedLenField("signature", "", length=20)]

The problem I encounter is that when receiving such a SecureArp message, Scapy doesn't parse it at all and leaves the data as "Raw". I read the SecDev documentation about extending to a new protocol and it's very unclear. What steps should I take so that a received SecureArp packet would be automatically parsed? Thanks

You'll have to bind your layer to another one in order for Scapy to auto-dissect it.
Also see Scapy's ARP implementation.

    bind_layers(Ether, ARP, type=2054)