Hello,

Hosts on our network tend to get "a lot" of messages like:

/netbsd: arplookup: unable to enter address for 10.x.x.x@xx:xx:xx:xx:xx:xx on xennet1 (host is not on local network)

Enough to get log/messages rotated every 6 hours.

We know we do have such arp on our network, which is "normal" for us.

Trying to find a way to reduce those messages, and prevent those specific messages from being logged, we couldn't find any option to do so.

As there are already sysctl configs to suppress some arp messages, what about also adding a sysctl for that one?

Here is a patch that does exactly that, and nothing more. Of course, the default behaviour is unchanged, logging those by default.

Regards,

--
Adrien URBAN, Systems - Networks - Security Expert - Head of R&D
---
NBS System (Paris - London) | www.nbs-system.com | twitter : @nbs_system
Std: +33 158 566 080 / Fax: +33 158 566 081

Index: sys/netinet/if_arp.c =================================================================== RCS file: /cvsroot/src/sys/netinet/if_arp.c,v retrieving revision 1.154.2.1 diff -u -r1.154.2.1 if_arp.c --- sys/netinet/if_arp.c 3 Jun 2014 15:34:00 -0000 1.154.2.1 +++ sys/netinet/if_arp.c 13 Nov 2014 10:57:21 -0000 @@ -195,6 +195,8 @@ static int log_permanent_modify = 1; static int log_wrong_iface = 1; +static int log_unknown_network = 1; + /* * this should be elsewhere. */ @@ -1306,17 +1308,19 @@ return (struct llinfo_arp *)rt->rt_llinfo; if (create) { - if (rt->rt_flags & RTF_GATEWAY) - why = "host is not on local network"; - else if ((rt->rt_flags & RTF_LLINFO) == 0) { + if (rt->rt_flags & RTF_GATEWAY) { + if (log_unknown_network) + why = "host is not on local network"; + } else if ((rt->rt_flags & RTF_LLINFO) == 0) { ARP_STATINC(ARP_STAT_ALLOCFAIL); why = "could not allocate llinfo"; } else why = "gateway route is not ours"; - log(LOG_DEBUG, "arplookup: unable to enter address" - " for %s@%s on %s (%s)\n", - in_fmtaddr(*addr), lla_snprintf(ar_sha(ah), ah->ar_hln), - (ifp) ? ifp->if_xname : "null", why); + if (why != NULL) + log(LOG_DEBUG, "arplookup: unable to enter address" + " for %s@%s on %s (%s)\n", + in_fmtaddr(*addr), lla_snprintf(ar_sha(ah), + ah->ar_hln), (ifp) ? ifp->if_xname : "null", why); if (rt->rt_refcnt <= 0 && (rt->rt_flags & RTF_CLONED) != 0) { rtrequest(RTM_DELETE, rt_getkey(rt), rt->rt_gateway, rt_mask(rt), rt->rt_flags, NULL); @@ -1708,6 +1712,13 @@ " interface"), NULL, 0, &log_wrong_iface, 0, CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL); + + sysctl_createv(clog, 0, NULL, NULL, + CTLFLAG_PERMANENT|CTLFLAG_READWRITE, + CTLTYPE_INT, "log_unknown_network", + SYSCTL_DESCR("log ARP packets from non-local network"), + NULL, 0, &log_unknown_network, 0, + CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL); } #endif /* INET */
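
Review bot: In the @@ -1306,17 +1308,19 @@ hunk, the new `if (why != NULL)` guard is only correct if `why` is NULL on entry, and its declaration is outside the visible lines. With RTF_GATEWAY set and log_unknown_network at 0, no branch assigns `why`, so unless it is initialised at its declaration the test reads an indeterminate pointer and log() may be called with it. Please initialise `why` to NULL where it is declared and include that line in the patch. As a style point, the four-line log() call now hangs off an unbraced `if`; braces around it would make later edits safer.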
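
Review bot: In the @@ -1708,6 +1712,13 @@ hunk, the SYSCTL_DESCR text "log ARP packets from non-local network" does not describe what the knob gates, which per the earlier hunk is only the "host is not on local network" reason of the arplookup "unable to enter address" message. Suggest wording the description after that message so an administrator who sees the log line can find the matching node, and adding the documentation for the new node, since the diff touches only sys/netinet/if_arp.c. Setting it to 0 silences every such message on the host, including ones an operator might use to spot misaddressed hosts on a segment, so it is worth saying so in the description or considering a rate limit instead of an on/off switch.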