Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

There should be a means for dynamic updates of the OUI database #236

Open
meyergru opened this issue Sep 11, 2021 · 1 comment
Open

There should be a means for dynamic updates of the OUI database #236

meyergru opened this issue Sep 11, 2021 · 1 comment

Comments

@meyergru
Copy link

Currently, the oui.txt and iab.txt are supplied statically with the package.

  1. The files are almost always outdated, unless an update for the python package was just being done. As of 0.8.0, the database is from August 2020. Thus, many modern hardware cannot be identified.
  2. Currently, one sees a lot of "fake", i.e. locally administered MACs, because in order to limit tracking, Apple has elected to use "private", or better: random MACs (cf. https://support.apple.com/guide/security/wi-fi-privacy-secb9cb3140c/web). This is not differentiated by the implementation. At least, there should be a predicate that test for locally administered MACs.

See also: opnsense/core#5205 for a typical usecase for this library and why it would be beneficial to fix this here...

Therefore, I suggest offering a way for update the database either manually or regularly. This can easily be done by:

#! /bin/sh
curl -s -o oui.txt http://standards-oui.ieee.org/oui/oui.txt
curl -s -o iab.txt http://standards-oui.ieee.org/iab/iab.txt
python3 ieee.py

or better in python as an API function.

Also, the location of the database files should be selectable and not in the path for the scripts (like /var/lib/netaddr), such that clients may choose where to store those files.

For the second part, I suggest differentiating between "unknown" vendors and "private" MACs by matching for the second nibble of the MAC address:

$vendor = (stripos('EA62', substr($mac, 1, 1)) !== false) ? 'Locally administered MAC' : '') : 'whatever the OUI lookup says'

One could improve that even more by adding some known locally administered MAC prefixes, like '52-54-00' for KVM virtual machines (VMware uses their own 'real' OUI prefixes already). This could be done by appending to oui.txt like so:

#! /bin/sh
cd /usr/local/lib/python3.8/site-packages/netaddr/eui
curl -s -o oui.txt http://standards-oui.ieee.org/oui/oui.txt
curl -s -o iab.txt http://standards-oui.ieee.org/iab/iab.txt
printf  "52-54-00   (hex)\t\tKVM virtual machine\r\n" >> oui.txt
printf "525400     (base 16)\t\tKVM virtual machine\r\n" >> oui.txt
printf "\t\t\t\t\r\n" >> oui.txt
printf "\t\t\t\t\r\n" >> oui.txt
printf "\t\t\t\tUS\r\n" >> oui.txt
python3 ieee.py
@meyergru meyergru mentioned this issue Sep 11, 2021
Closed
@rshxyz
Copy link

rshxyz commented May 21, 2022

Any plans to implement this change?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@meyergru @rshxyz