FreeBSD 9 and ARP multicast source address error messages

[Alexander Wittig]

Gleb,

> A> I'm not an expert on networking, but is this condition of ignoring such an ARP packet really a noteworthy event? I.e. is this something that should not occur in "normal" operation according to the ARP specifications? If this is mostly for kernel developers, maybe it should only be enabled in debug kernel builds?
> 
> Nope, this isn't for kernel developers only but for sysadmins. Some bad traffic is present in your
> network, and it should be noticed by sysadmin, that's why LOG_NOTICE severity left.
> 
> However, I understand how annoying it is when you are in a bad network, you don't admin it, you
> can't fix it and your logging system is too chatty. I am thinking of some generic way of supperssing
> or ratelimiting all logged events that can be triggered by host on LAN or even by remote host.

That would be great. As you say, I don't administer the network or these Windows cluster machines, so I can't make the offending ARP packages go away. For me, filtering them out via ipfw (as described in my first email) works just fine for now. An easier solution than some sort of rate limiting may be a simple sysctl knob to disable the messages manually at runtime? Something akin to the already existing net.link.ether.inet.log_arp_permanent_modify, net.link.ether.inet.log_arp_movements, net.link.ether.inet.log_arp_wrong_iface, maybe.

Alexander