Date:      Thu, 16 Nov 2006 18:20:16 +0200
From:      Jordan Gordeev <jgordeev@dir.bg>
To:        freebsd-net@freebsd.org
Subject:   patch for arpwatch to ignore CARP-generated ARP replies
Message-ID:  <455C8FC0.4050901@dir.bg>

Problem description: CARP answers ARP requests for a virtual IP with ARP 
replies that have the MAC of the physical interface in the Ethernet 
header and the virtual MAC in the contained ARP message. These strange 
ARP messages are logged by arpwatch as "ethernet mismatch".
There's a patch below that causes arpwatch (version 2.1a15) to ignore 
ARP replies generated by CARP, instead of reporting "ethernet mismatch" 
via syslog.
Please, share your opinions.


--- arpwatch.c.old	Wed Nov 15 19:39:16 2006
+++ arpwatch.c	Wed Nov 15 19:51:26 2006
@@ -105,6 +105,9 @@
  #define max(a,b) ((b)>(a)?(b):(a))
  #endif

+#define VRRP_PREFIX_LEN 5
+const unsigned char vrrp_prefix[VRRP_PREFIX_LEN] = { 0x00, 0x00, 0x5e, 
0x00, 0x01 };
+
  char *prog;

  int can_checkpoint;
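Review bot: The added `vrrp_prefix` initializer is wrapped across two lines, and the continuation `0x00, 0x01 };` carries no leading `+`, so this hunk will not apply as mailed; resend it as an attachment or with line wrapping turned off. The array is also a non-static global named for VRRP although the change is about CARP: consider `static const` and a one-line comment stating that 00:00:5e:00:01 is the virtual MAC prefix CARP shares with VRRP, with the sixth octet left to vary.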
@@ -391,6 +394,10 @@
  		return;
  	}

+	/* Check for CARP-generated ARP replies and ignore them */
+	if (MEMCMP(sha, vrrp_prefix, VRRP_PREFIX_LEN) == 0) {
+		/* do nothing */
+	} else
  	/* Double check ethernet addresses */
  	if (MEMCMP(sea, sha, 6) != 0) {
  		dosyslog(LOG_INFO, "ethernet mismatch", sia, sea, sha);
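Review bot: The new test placed in front of "Double check ethernet addresses" looks only at the first five bytes of `sha`, so every packet whose ARP sender hardware address begins with 00:00:5e:00:01 skips the "ethernet mismatch" report, whether or not CARP is in use on the segment and whatever the sixth octet is. Because that report exists to flag a sender whose Ethernet and ARP addresses disagree, the exemption should be opt-in (a command-line flag, or a list of expected virtual addresses) rather than unconditional. The comment says "ARP replies", but no opcode check is visible in this hunk, so either add one or reword the comment. The empty `/* do nothing */` branch followed by a dangling `else` is easy to misread; folding the prefix test into the condition of the existing `if` would be clearer.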



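The frame layout from the problem description (physical MAC in the Ethernet header, virtual MAC in the ARP payload) can also be handled with a narrower exemption than a bare prefix match. The sketch below is an added example, not part of the posted patch or of arpwatch; `classify_arp`, the verdict names, the `allowed_vhids` list and the sample addresses are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Virtual MAC prefix 00:00:5e:00:01 from the patch; the sixth octet
 * carries the CARP virtual host ID (vhid). */
static const uint8_t vmac_prefix[5] = { 0x00, 0x00, 0x5e, 0x00, 0x01 };

enum arp_verdict { ARP_OK, ARP_CARP_EXPECTED, ARP_MISMATCH };

/*
 * sea: source MAC from the Ethernet header.
 * sha: sender hardware address from the ARP payload.
 * allowed_vhids: hypothetical operator-supplied list of the vhids that
 * are known to be configured on this segment.
 */
enum arp_verdict
classify_arp(const uint8_t sea[6], const uint8_t sha[6],
    const uint8_t *allowed_vhids, size_t n_allowed)
{
	size_t i;

	if (memcmp(sea, sha, 6) == 0)
		return ARP_OK;
	if (memcmp(sha, vmac_prefix, sizeof(vmac_prefix)) == 0) {
		for (i = 0; i < n_allowed; i++)
			if (allowed_vhids[i] == sha[5])
				return ARP_CARP_EXPECTED;
	}
	/* Unknown vhid or unrelated address: keep reporting it. */
	return ARP_MISMATCH;
}

/* Constructed sample addresses, not taken from any real network. */
static const uint8_t phys_mac[6]   = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 };
static const uint8_t carp_vhid1[6] = { 0x00, 0x00, 0x5e, 0x00, 0x01, 0x01 };
static const uint8_t carp_vhid9[6] = { 0x00, 0x00, 0x5e, 0x00, 0x01, 0x09 };
static const uint8_t known_vhids[] = { 0x01 };

int
main(void)
{
	printf("vhid 1: %d, vhid 9: %d\n",
	    classify_arp(phys_mac, carp_vhid1, known_vhids, 1),
	    classify_arp(phys_mac, carp_vhid9, known_vhids, 1));
	return 0;
}
```

With an empty list the function behaves like unpatched arpwatch and reports every address disagreement.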