Improve MAC OUI vendor database handling and display for 'private' MAC addresses

[meyergru]

Display for MAC vendors in status_dhcp_leases.php is based on a python implementation for IEEE databases.
There are two problems I see with this approach:

1. The files are almost always outdated, unless an update for the python package was just being done. As of 21.7.2, the database is from August 2020. Thus, many modern hardware cannot be identified.
2. Currently, one sees a lot of "fake", i.e. locally administered MACs, because in order to limit tracking, Apple has elected to use "private", or better: random MACs (cf. https://support.apple.com/guide/security/wi-fi-privacy-secb9cb3140c/web)

Therefore, I suggest offering a way for update the database either manually or regularly. This can easily be done by:

#! /bin/sh
cd /usr/local/lib/python3.8/site-packages/netaddr/eui
curl -s -o oui.txt http://standards-oui.ieee.org/oui/oui.txt
curl -s -o iab.txt http://standards-oui.ieee.org/iab/iab.txt
python3 ieee.py

For the second part, I suggest differentiating between "unknown" vendors and "private" MACs by changing this section in status_dhcp_leases.php:

                  <td>
                      <?=$data['mac'];?><br />
                      <small><i><?= !empty($mac_man[$mac_hi]) ? $mac_man[$mac_hi] : '' ?></i></small>
                  </td>

to read:

                  <td>
                      <?=$data['mac'];?><br />
                      <small><i><?= !empty($mac_man[$mac_hi]) ? $mac_man[$mac_hi] : 
                                                (stripos('EA62', substr($data['mac'], 1, 1)) !== false ?
                                                'Locally administered MAC' : '') ?></i></small>
                  </td>

(if you try this on your local machine, do not forget to restart the web gui via '/usr/local/etc/rc.restart_webgui')

One could improve that even more by adding some known locally administered MAC prefixes, like '52-54-00' for KVM virtual machines (VMware uses their own 'real' OUI prefixes already). This could be done by appending to oui.txt like so:

#! /bin/sh
cd /usr/local/lib/python3.8/site-packages/netaddr/eui
curl -s -o oui.txt http://standards-oui.ieee.org/oui/oui.txt
curl -s -o iab.txt http://standards-oui.ieee.org/iab/iab.txt
printf  "52-54-00   (hex)\t\tKVM virtual machine\r\n" >> oui.txt
printf "525400     (base 16)\t\tKVM virtual machine\r\n" >> oui.txt
printf "\t\t\t\t\r\n" >> oui.txt
printf "\t\t\t\t\r\n" >> oui.txt
printf "\t\t\t\tUS\r\n" >> oui.txt
python3 ieee.py

[AdSchellevis]

It’s probably better to create a ticket at netaddr to support the missing pieces or support some sort of standard location for database overwrites.

Updating files within these packages is something we usually try to prevent for maintenance reasons.

[meyergru]

You are correct, I opened an issue upstream. netaddr/netaddr#236

[OPNsense-bot]

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository,
please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue,
just let us know, so we can reopen the issue and assign an owner to it.