Subject: Re: arp warning message
To: Andrew Brown <>
From: Ignatios Souvatzis <>
List: current-users
Date: 08/17/2000 21:22:42
On Thu, Aug 17, 2000 at 02:54:03PM -0400, Andrew Brown wrote:
> >> arplookup() in if_arp.c sometimes spews this message
> >> 
> >>     "arplookup: unable to enter address for %s (%s)"
> >> 
> >> and i thought i understood what triggered it, but apparently i'm
> >> wrong.  or...i'm not the net.hacker i thought i was.
> >> 
> >> can someone please describe a packet or sequence of packets (i imagine
> >> two at most) which will trigger this message?  i can manufacture
> >> packets quite easily using bpf (except the ethernet source address),
> >> but can't get this code sequence to trigger.
> >
> >I think[1] an ARP packet from a different IPv4 network on your Ethernet will
> >trigger it. To be precise: an ARP packet with the src IPv4 address in the
> >data area belonging to a IPv4 address which does not belong to the IPv4 network
> >configures on the incoming interface.
> request or reply?  i guess i can try both...

requests are broadcast. Replies aren't.
Furthermore, replies won't be sent if they fail the abovementioned check.

So I guess in normal practice (that is, unintentional misconfigurations)
you won't ever see those events being triggered by reply packets, only
by requests.

But yes, you could probably send replies to a single machine with the dst
IP address in the packet pointing to outside of the subnet of the target
machine; all you need to send a reply is the Ethernet-and-friends MAC or
ARCnet node id.