LinuxLists.cc - possible arp table corruption [2.4.18]

2004-06-29 20:07:12

Subject: possible arp table corruption [2.4.18]

Hello!

I noticed a few strange errors in the arp table of a local firewall serving
about 300 connected computers.
This PC is running 2.4.18 (Debian Woody) and I get the list via the program
"arp" (version 1.60-4, called from inside a python script). This script is called
about every 20 seconds.

I don't know if the kernel or "arp" or something else is broken, but I don't
think "arp" does change much before printing the output. That is why I think
posting the problem to this list is not very wrong.

Here are some examples of the errors:

134.130.48.66 ether 00:00:5A:13:3A:36 C eth0
134.130.49.152 ether 00:50:04:46:8A:B2 C eth0 <- wrong!
134.130.49.45 ether 00:50:FC:FF:62:4E C eth0

---

134.130.48.240 ether 00:02:3F:AF:3C:B4 C eth0
134.130.48.157 ether 00:10:4B:45:86:6C C eth0 <- OK
134.130.48.157 ether 00:10:4B:45:86:6C C eth0 <- double!
134.130.48.213 ether 00:0E:A6:3B:41:81 C eth0

---

134.130.48.186 ether 00:04:61:52:CC:9F C eth0
134.130.49.41 ether 00:02:3F:68:67:E9 C eth0 <- OK
134.130.48.40 ether 00:02:3F:68:67:E9 C eth0 <- MAC repeated
134.130.48.40 ether 00:07:95:04:C8:3C C eth0 <- OK
134.130.49.159 ether 00:E0:18:2D:95:F0 C eth0

I also got a "134.130.4x.6xx" IP a few times, but that case is not in my logs.

Please tell me
- if there is a known bug in (at least) 2.4.18
- if "arp" is broken
- if I am doing something wrong

Please also reply directly to me, because the LKML is quite complex.

Thank you very much,
--
Carsten Otto
[email protected]
http://www.c-otto.de

Attachments:

(No filename) (1.66 kB)
(No filename) (189.00 B)
Download all attachments

2004-06-29 21:15:14

by Bernd Eckenfels

[permalink] [raw]

Subject: Re: possible arp table corruption [2.4.18]

In article <[email protected]> you wrote:
> I don't know if the kernel or "arp" or something else is broken

the /proc interface is most likely broken in some way :)

> - if I am doing something wrong

you can try "arpd -p", "cat /proc/net/arp" and 2ip neigh show"
in addition to your arp script.

Bernd
--
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/

2004-06-29 22:29:53

by Bernd Eckenfels

[permalink] [raw]

Subject: Re: possible arp table corruption [2.4.18]

In article <[email protected]> you wrote:
> you can try "arpd -p"

oops arpwatch -p

Greetings
Bernd
--
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/