Subject: Re: arp warning message
To: Andrew Brown <firstname.lastname@example.org>
From: Ignatios Souvatzis <email@example.com>
Date: 08/17/2000 21:22:42
On Thu, Aug 17, 2000 at 02:54:03PM -0400, Andrew Brown wrote:
> >> arplookup() in if_arp.c sometimes spews this message
> >> "arplookup: unable to enter address for %s (%s)"
> >> and i thought i understood what triggered it, but apparently i'm
> >> wrong. or...i'm not the net.hacker i thought i was.
> >> can someone please describe a packet or sequence of packets (i imagine
> >> two at most) which will trigger this message? i can manufacture
> >> packets quite easily using bpf (except the ethernet source address),
> >> but can't get this code sequence to trigger.
> >I think an ARP packet from a different IPv4 network on your Ethernet will
> >trigger it. To be precise: an ARP packet with the src IPv4 address in the
> >data area belonging to a IPv4 address which does not belong to the IPv4 network
> >configures on the incoming interface.
> request or reply? i guess i can try both...
requests are broadcast. Replies aren't.
Furthermore, replies won't be sent if they fail the abovementioned check.
So I guess in normal practice (that is, unintentional misconfigurations)
you won't ever see those events being triggered by reply packets, only
But yes, you could probably send replies to a single machine with the dst
IP address in the packet pointing to outside of the subnet of the target
machine; all you need to send a reply is the Ethernet-and-friends MAC or
ARCnet node id.