From owner-freebsd-questions  Thu Aug  2 11:22:36 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101])
	by hub.freebsd.org (Postfix) with ESMTP id 675F637B401
	for <freebsd-questions@FreeBSD.ORG>; Thu,  2 Aug 2001 11:22:33 -0700 (PDT)
	(envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost)
	by dan.emsphone.com (8.11.4/8.11.4) id f72IMSD19710
	for freebsd-questions@FreeBSD.ORG; Thu, 2 Aug 2001 13:22:28 -0500 (CDT)
	(envelope-from dan)
Date: Thu, 2 Aug 2001 13:22:27 -0500
From: Dan Nelson <dnelson@emsphone.com>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: Passive network interface?
Message-ID: <20010802132227.A7110@dan.emsphone.com>
References: <20010802083001.B61442@sigbus.com> <20010802122417.A8089@dan.emsphone.com> <20010802110620.A62059@sigbus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010802110620.A62059@sigbus.com>
User-Agent: Mutt/1.3.20i
X-OS: FreeBSD 5.0-CURRENT
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

In the last episode (Aug 02), Charles Henrich said:
> > In the last episode (Aug 02), Charles Henrich said:
> > > Is there any provision in FreeBSD for turning an interface into a
> > > monitor-only port, where none of the packets are processed by the
> > > IP stack, and instead just used only by things like tcpdump?
> > 
> > Don't ifconfig an IP onto it and you should be okay.
>
> I still see arp broadcast problems though (i.e. IP is on interface #1
> but got reply on interface 2)

Theoretically you should be able to set the NOARP flag on the interface
to stop that, but NOARP only seems to block ARP broadcasts, not
reception.  There should probably be a test added at the top of
ip_arpinput() to handle that.

For now, just set the log_arp_wrong_iface sysctl to 1 and the kernel
warnings will stop.


-- 
	Dan Nelson
	dnelson@emsphone.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message