patch for arpwatch to ignore CARP-generated ARP replies
Jordan Gordeev
jgordeev at dir.bg
Thu Nov 16 16:15:10 UTC 2006
Problem description: CARP answers ARP requests for a virtual IP with ARP
replies that have the MAC of the physical interface in the Ethernet
header and the virtual MAC in the contained ARP message. These strange
ARP messages are logged by arpwatch as "ethernet mismatch".
There's a patch below that causes arpwatch (version 2.1a15) to ignore
ARP replies generated by CARP, instead of reporting "ethernet mismatch"
via syslog.
Please share your opinions.
--- arpwatch.c.old Wed Nov 15 19:39:16 2006
+++ arpwatch.c Wed Nov 15 19:51:26 2006
@@ -105,6 +105,9 @@
#define max(a,b) ((b)>(a)?(b):(a))
#endif
+#define VRRP_PREFIX_LEN 5
+const unsigned char vrrp_prefix[VRRP_PREFIX_LEN] = { 0x00, 0x00, 0x5e,
0x00, 0x01 };
+
char *prog;
int can_checkpoint;
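Review bot: `vrrp_prefix` is defined with external linkage but is only used inside arpwatch.c; make it `static const unsigned char vrrp_prefix[VRRP_PREFIX_LEN]` so it does not leak into the global namespace. A one-line comment saying that 00:00:5e:00:01 is the IANA-assigned prefix for VRRP/CARP virtual MACs, with the sixth byte carrying the VRID/VHID, would make the magic bytes self-documenting, and since the patch targets CARP a name such as `carp_vmac_prefix` (or a note that CARP reuses the VRRP range) would read better than `vrrp_prefix`.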
@@ -391,6 +394,10 @@
return;
}
+ /* Check for CARP-generated ARP replies and ignore them */
+ if (MEMCMP(sha, vrrp_prefix, VRRP_PREFIX_LEN) == 0) {
+ /* do nothing */
+ } else
/* Double check ethernet addresses */
if (MEMCMP(sea, sha, 6) != 0) {
dosyslog(LOG_INFO, "ethernet mismatch", sia, sea, sha);
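Review bot: the exemption keys only on the ARP sender hardware address (`sha`) starting with the 00:00:5e:00:01 prefix; nothing in the condition distinguishes requests from replies or looks at the Ethernet source, so any ARP packet that places a VRRP-style address in its payload skips the mismatch report, which is broader than the "CARP-generated ARP replies" the comment describes. Consider limiting the exemption to replies and emitting the skipped frames at LOG_DEBUG so the event is not silently dropped. Separately, the empty `if (...) { /* do nothing */ } else` followed by a comment and a second `if` is hard to read; fold the two tests into one condition, e.g. `if (MEMCMP(sha, vrrp_prefix, VRRP_PREFIX_LEN) != 0 && MEMCMP(sea, sha, 6) != 0) {`.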
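To make the "ethernet mismatch" check and the CARP exemption concrete, here is an added Python illustration; it is not the author's patch or arpwatch code. It parses raw Ethernet+ARP frames, compares the Ethernet source (arpwatch's `sea`) with the ARP sender hardware address (`sha`), and exempts the CARP pattern (physical MAC on the wire, 00:00:5e:00:01:xx virtual MAC in the ARP message). As a design choice that goes beyond the patch, the exemption is applied only to ARP replies, so a request carrying a forged virtual MAC is still reported. All MAC and IP values, and the helper names `build_arp_frame`, `parse_arp_frame`, `classify` and `run_samples`, are constructed for this example.

```python
"""Added illustration of arpwatch's ethernet-mismatch check with a CARP exemption.

Constructed example; not arpwatch code and not the posted patch.
"""
import struct
from dataclasses import dataclass
from typing import Optional

# IANA-assigned prefix for VRRP/CARP virtual MACs: 00:00:5e:00:01:<VRID/VHID>
VRRP_PREFIX = bytes([0x00, 0x00, 0x5E, 0x00, 0x01])
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


@dataclass
class ArpFrame:
    eth_src: bytes   # source MAC in the Ethernet header (arpwatch's "sea")
    op: int          # ARP opcode (1 = request, 2 = reply)
    sha: bytes       # sender hardware address inside the ARP message ("sha")
    spa: bytes       # sender IPv4 address inside the ARP message ("sia")


def build_arp_frame(eth_src: bytes, op: int, sha: bytes, spa: bytes,
                    tha: bytes = bytes(6), tpa: bytes = bytes(4)) -> bytes:
    """Assemble a raw Ethernet + ARP (IPv4 over Ethernet) frame for the samples."""
    eth_dst = b"\xff" * 6 if op == ARP_REQUEST else tha
    eth = eth_dst + eth_src + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + spa + tha + tpa
    return eth + arp


def parse_arp_frame(raw: bytes) -> Optional[ArpFrame]:
    """Extract the fields the mismatch check needs; None for anything that is not
    a well-formed IPv4-over-Ethernet ARP frame."""
    if len(raw) < 42:
        return None
    eth_src = raw[6:12]
    (ethertype,) = struct.unpack("!H", raw[12:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", raw[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ArpFrame(eth_src=eth_src, op=op, sha=raw[22:28], spa=raw[28:32])


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def classify(frame: ArpFrame) -> str:
    """'ok' when the Ethernet source and ARP sender MAC agree, 'carp-virtual' for
    the CARP reply pattern, otherwise 'ethernet mismatch' as arpwatch reports it."""
    if frame.eth_src == frame.sha:
        return "ok"
    # Narrower than the posted patch: only ARP *replies* whose sender MAC is in
    # the VRRP/CARP range are exempted, so a request with a forged
    # 00:00:5e:00:01:xx sender address is still reported.
    if frame.op == ARP_REPLY and frame.sha[:len(VRRP_PREFIX)] == VRRP_PREFIX:
        return "carp-virtual"
    return "ethernet mismatch"


def run_samples() -> dict:
    """Classify a few constructed frames (all MACs and IPs are invented)."""
    phys = bytes.fromhex("0011223344aa")   # physical NIC of a CARP host
    virt = VRRP_PREFIX + bytes([0x01])     # CARP virtual MAC for VHID 1
    other = bytes.fromhex("0011223344bb")
    vip = bytes([192, 168, 1, 1])
    host = bytes([192, 168, 1, 2])
    samples = {
        "normal reply": build_arp_frame(phys, ARP_REPLY, phys, host),
        "carp reply": build_arp_frame(phys, ARP_REPLY, virt, vip),
        "mismatch": build_arp_frame(phys, ARP_REPLY, other, host),
        "forged request": build_arp_frame(other, ARP_REQUEST, virt, vip),
    }
    results = {}
    for name, raw in samples.items():
        frame = parse_arp_frame(raw)
        verdict = classify(frame)
        results[name] = verdict
        print(f"{name:15s} sea={mac(frame.eth_src)} sha={mac(frame.sha)} -> {verdict}")
    return results


if __name__ == "__main__":
    run_samples()
```

Running the script prints one line per sample; the "carp reply" frame is the case the patch is about (physical MAC in the Ethernet header, virtual MAC in the ARP payload), while the "forged request" shows why keying the exemption on the sender hardware address alone lets more than CARP replies through.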