kern/136023: "ARP: ... moved" log line incomplete

Arnt Gulbrandsen arnt at gulbrandsen.priv.no
Thu Jun 25 09:20:02 UTC 2009 

>Number:         136023
>Category:       kern
>Synopsis:       "ARP: ... moved" log line incomplete
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 25 09:20:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Arnt Gulbrandsen
>Release:        7.1
>Organization:
>Environment:
FreeBSD kalyani.oryx.com 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan  1 08:58:24 UTC 2009    root at driscoll.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
When an ARP table entry changes, the kernel logs a line like this (IP addresses and blah kept unchanged):
arp: 195.30.37.40 moved from 00:00:24:c0:0e:29 to 00:16:6f:bb:37:8d on nfe0

The log line is based on a packet like this (as reported by tcpdump):
10:50:29.888674 00:16:6f:bb:37:8d > 00:19:66:2a:83:bc, ethertype ARP (0x0806), length 60: arp reply 195.30.37.40 is-at 00:16:6f:bb:37:8d

However, the log line does not log one important piece of information: Who sent the ARP reply (00:16:6f:bb:37:8d in this case). IMO it should be something like

arp: 195.30.37.40 moved from 00:00:24:c0:0e:29 to 00:16:6f:bb:37:8d on nfe0 based on ARP reply from 00:16:6f:bb:37:8d.

>How-To-Repeat:
Needs three hosts, all on the same ethernet. On A, set up proxy arp for B, pointing to a nonexistent ARP device. On C, ping B.

C will log "ARP: ... moved..." and may or may not be able to send ping replies to B. The log line will not indicate that A is the source of the problem.
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list