enable [--arp] output mac addr to xml

src/out-binary.c

@@ -52,7 +52,7 @@ binary_out_close(struct Output *out, FILE *fp)
  ****************************************************************************/
 static void
 binary_out_status(struct Output *out, FILE *fp, time_t timestamp,
-    int status, unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl)
+    int status, unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl, const unsigned char mac[6])
 {
     unsigned char foo[256];
     size_t bytes_written;

src/out-certs.c

@@ -28,7 +28,7 @@ cert_out_close(struct Output *out, FILE *fp)
  ******************************************************************************/
 static void
 cert_out_status(struct Output *out, FILE *fp, time_t timestamp, int status,
-                unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl)
+                unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl, const unsigned char mac[6])
 {
     /* certificates only come with banner info, so there is no port info
      * to report */

src/out-grepable.c

@@ -128,7 +128,7 @@ grepable_out_close(struct Output *out, FILE *fp)
  ****************************************************************************/
 static void
 grepable_out_status(struct Output *out, FILE *fp, time_t timestamp,
-    int status, unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl)
+    int status, unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl, const unsigned char mac[6])
 {
     UNUSEDPARM(timestamp);
     UNUSEDPARM(out);

src/out-json.c

@@ -29,7 +29,7 @@ json_out_close(struct Output *out, FILE *fp)
  ****************************************************************************/
 static void
 json_out_status(struct Output *out, FILE *fp, time_t timestamp, int status,
-               unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl)
+               unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl, const unsigned char mac[6])
 {
     char reason_buffer[128];
     UNUSEDPARM(out);

src/out-null.c

@@ -31,7 +31,7 @@ null_out_close(struct Output *out, FILE *fp)
  ****************************************************************************/
 static void
 null_out_status(struct Output *out, FILE *fp, time_t timestamp,
-    int status, unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl)
+    int status, unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl, const unsigned char mac[6])
 {
     UNUSEDPARM(timestamp);
     UNUSEDPARM(out);

src/out-redis.c

@@ -196,7 +196,7 @@ redis_out_close(struct Output *out, FILE *fp)
  ****************************************************************************/
 static void
 redis_out_status(struct Output *out, FILE *fp, time_t timestamp,
-    int status, unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl)
+    int status, unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl, const unsigned char mac[6])
 {
     ptrdiff_t fd = (ptrdiff_t)fp;
     char line[1024];

src/out-text.c

@@ -28,7 +28,7 @@ text_out_close(struct Output *out, FILE *fp)
  ****************************************************************************/
 static void
 text_out_status(struct Output *out, FILE *fp, time_t timestamp,
-    int status, unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl)
+    int status, unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl, const unsigned char mac[6])
 {
     UNUSEDPARM(ttl);
     UNUSEDPARM(reason);

src/out-unicornscan.c

@@ -73,7 +73,7 @@ unicornscan_out_close(struct Output *out, FILE *fp)
 
 static void
 unicornscan_out_status(struct Output *out, FILE *fp, time_t timestamp,
-    int status, unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl)
+    int status, unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl, const unsigned char mac[6])
 {
     UNUSEDPARM(reason);
     UNUSEDPARM(out);

src/out-xml.c

@@ -64,30 +64,58 @@ xml_out_close(struct Output *out, FILE *fp)
  ****************************************************************************/
 static void
 xml_out_status(struct Output *out, FILE *fp, time_t timestamp, int status,
-               unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl)
+               unsigned ip, unsigned ip_proto, unsigned port, unsigned reason, unsigned ttl, const unsigned char mac[6])
 {
     char reason_buffer[128];
     UNUSEDPARM(out);
-    fprintf(fp, "<host endtime=\"%u\">"
-                    "<address addr=\"%u.%u.%u.%u\" addrtype=\"ipv4\"/>"
-                    "<ports>"
-                    "<port protocol=\"%s\" portid=\"%u\">"
-                    "<state state=\"%s\" reason=\"%s\" reason_ttl=\"%u\"/>"
-                    "</port>"
-                    "</ports>"
-                "</host>"
-                "\r\n",
-        (unsigned)timestamp,
-        (ip>>24)&0xFF,
-        (ip>>16)&0xFF,
-        (ip>> 8)&0xFF,
-        (ip>> 0)&0xFF,
-        name_from_ip_proto(ip_proto),
-        port,
-        status_string(status),
-        reason_string(reason, reason_buffer, sizeof(reason_buffer)),
-        ttl
-        );
+
+    switch (ip_proto) {
+    case 0:  /* ARP */
+        fprintf(fp, "<host endtime=\"%u\">"
+                        "<address addr=\"%u.%u.%u.%u\" addrtype=\"ipv4\"/>"
+                        "<ports>"
+                        "<port protocol=\"%s\" portid=\"%u\">"
+                        "<state state=\"%s\" reason=\"%s\" reason_ttl=\"%u\"/>"
+                        "</port>"
+                        "</ports>"
+                        "<mac addr=\"%02x:%02x:%02x:%02x:%02x:%02x\">"
+                    "</host>"
+                    "\r\n",
+            (unsigned)timestamp,
+            (ip>>24)&0xFF,
+            (ip>>16)&0xFF,
+            (ip>> 8)&0xFF,
+            (ip>> 0)&0xFF,
+            name_from_ip_proto(ip_proto),
+            port,
+            status_string(status),
+            reason_string(reason, reason_buffer, sizeof(reason_buffer)),
+            ttl,
+            mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]
+            );
+        break;
+    default:
+        fprintf(fp, "<host endtime=\"%u\">"
+                        "<address addr=\"%u.%u.%u.%u\" addrtype=\"ipv4\"/>"
+                        "<ports>"
+                        "<port protocol=\"%s\" portid=\"%u\">"
+                        "<state state=\"%s\" reason=\"%s\" reason_ttl=\"%u\"/>"
+                        "</port>"
+                        "</ports>"
+                    "</host>"
+                    "\r\n",
+            (unsigned)timestamp,
+            (ip>>24)&0xFF,
+            (ip>>16)&0xFF,
+            (ip>> 8)&0xFF,
+            (ip>> 0)&0xFF,
+            name_from_ip_proto(ip_proto),
+            port,
+            status_string(status),
+            reason_string(reason, reason_buffer, sizeof(reason_buffer)),
+            ttl
+            );
+    }
 }
 
 /****************************************************************************

src/output.c

@@ -822,7 +822,7 @@ output_report_status(struct Output *out, time_t timestamp, int status,
      * Now do the actual output, whether it be XML, binary, JSON, Redis,
      * and so on.
      */
-    out->funcs->status(out, fp, timestamp, status, ip, ip_proto, port, reason, ttl);
+    out->funcs->status(out, fp, timestamp, status, ip, ip_proto, port, reason, ttl, mac);
 }
 
 

src/output.h

@@ -29,7 +29,7 @@ struct OutputType {
     void (*status)(struct Output *out, FILE *fp,
                    time_t timestamp, int status,
                    unsigned ip, unsigned ip_proto, unsigned port, 
-                   unsigned reason, unsigned ttl);
+                   unsigned reason, unsigned ttl, const unsigned char mac[6]);
     void (*banner)(struct Output *out, FILE *fp,
                    time_t timestamp, unsigned ip, unsigned ip_proto,
                    unsigned port, enum ApplicationProtocol proto,