NetBSD-Users archive


Re: Any way to suppress select arp messages?



In article <01O5BAGXIFWY8ZRPMZ%ecr6.ohio-state.edu@localhost>,
Michael T. Davis <DAVISM%ecr6.ohio-state.edu@localhost> wrote:
>
>At 16:55:53.76 on 26-AUG-2011 in message
><2192B1A2-FF8A-4835-A16C-948CD13E1CEB%mac.com@localhost>, Chuck Swiger 
><cswiger%mac.com@localhost>
>wrote:
>
>>On Aug 26, 2011, at 1:51 PM, Michael T. Davis wrote:
>>> We have a number of Windows systems with multiple network interfaces
>>> that are "ganged" via Intel's load balancing configuration.  Our NetBSD
>>> (i386 5.1 release) firewall keeps reporting ARP messages of the following
>> form:
>>
>>Do you have a net.link.ether.inet.log_arp_movements sysctl available?  Turn
>> if off...
>
>`sysctl -a|grep log_arp_movements' doesn't report anything, so I believe that
>means this isn't available.

Here's a patch [untested].

christos

Index: if_arp.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/if_arp.c,v
retrieving revision 1.151
diff -u -r1.151 if_arp.c
--- if_arp.c    3 May 2011 16:00:29 -0000       1.151
+++ if_arp.c    27 Aug 2011 08:34:54 -0000
@@ -191,6 +191,10 @@
 
 static int arp_drainwanted;
 
+static int log_arp_movements = 1;
+static int log_arp_permanent_modify = 1;
+static int log_arp_wrong_iface = 1;
+
 /*
  * this should be elsewhere.
  */
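Review bot: The three new flags are declared without a comment, and what they switch off matters for security. The messages they gate (hunks at @@ -1085, @@ -1093 and @@ -1102) report a different MAC claiming an existing, permanent, or other-interface ARP entry, which is what NIC teaming looks like but also what ARP spoofing looks like. In each of those hunks the ARP_STATINC call sits before the new guard, so the counters keep counting when logging is off; I would say so at the declaration, e.g. `/* Logging knobs, default on. Only log() is gated; the ARP_STAT_RCVOVER* counters are still updated. */`. An all-or-nothing switch is coarse for the flood described in the thread: a rate limit on these messages (ratecheck(9), if it fits this path) would quiet the noise without discarding the signal; I have not tested that.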
@@ -1085,6 +1089,8 @@
                    memcmp(ar_sha(ah), CLLADDR(sdl), sdl->sdl_alen)) {
                        if (rt->rt_flags & RTF_STATIC) {
                                ARP_STATINC(ARP_STAT_RCVOVERPERM);
+                               if (!log_arp_permanent_modify)
+                                       goto out;
                                log(LOG_INFO,
                                    "%s tried to overwrite permanent arp info"
                                    " for %s\n",
@@ -1093,6 +1099,8 @@
                                goto out;
                        } else if (rt->rt_ifp != ifp) {
                                ARP_STATINC(ARP_STAT_RCVOVERINT);
+                               if (!log_arp_wrong_iface)
+                                       goto out;
                                log(LOG_INFO,
                                    "%s on %s tried to overwrite "
                                    "arp info for %s on %s\n",
@@ -1102,10 +1110,12 @@
                                    goto out;
                        } else {
                                ARP_STATINC(ARP_STAT_RCVOVER);
-                               log(LOG_INFO,
-                                   "arp info overwritten for %s by %s\n",
-                                   in_fmtaddr(isaddr),
-                                   lla_snprintf(ar_sha(ah), ah->ar_hln));
+                               if (log_arp_movements)
+                                       log(LOG_INFO, "arp info overwritten "
+                                           "for %s by %s\n",
+                                           in_fmtaddr(isaddr),
+                                           lla_snprintf(ar_sha(ah),
+                                           ah->ar_hln));
                        }
                }
                /*
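Review bot: The guard here is written as `if (log_arp_movements) log(...)`, while the two branches above use `if (!flag) goto out;` ahead of the log call; one form throughout would read better. Those branches already end in `goto out;` (visible as context after each log call), so `if (log_arp_permanent_modify) log(LOG_INFO, ...);` behaves the same there and avoids a second jump. In this hunk the unbraced `if` now controls a five-line statement, so I would add braces. The continuation `ah->ar_hln));` is aligned with `lla_snprintf(`, which makes it read like a further argument to log(); indent it one level deeper. The enclosing function starts and ends outside the hunk.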
@@ -1641,21 +1651,21 @@
        sysctl_createv(clog, 0, NULL, NULL,
                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
                        CTLTYPE_INT, "prune",
-                       SYSCTL_DESCR("ARP cache pruning interval"),
+                       SYSCTL_DESCR("ARP cache pruning interval in seconds"),
                        NULL, 0, &arpt_prune, 0,
                        CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
 
        sysctl_createv(clog, 0, NULL, NULL,
                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
                        CTLTYPE_INT, "keep",
-                       SYSCTL_DESCR("Valid ARP entry lifetime"),
+                       SYSCTL_DESCR("Valid ARP entry lifetime in seconds"),
                        NULL, 0, &arpt_keep, 0,
                        CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
 
        sysctl_createv(clog, 0, NULL, NULL,
                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
                        CTLTYPE_INT, "down",
-                       SYSCTL_DESCR("Failed ARP entry lifetime"),
+                       SYSCTL_DESCR("Failed ARP entry lifetime in seconds"),
                        NULL, 0, &arpt_down, 0,
                        CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
 
@@ -1672,6 +1682,30 @@
                        SYSCTL_DESCR("ARP statistics"),
                        sysctl_net_inet_arp_stats, 0, NULL, 0,
                        CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
+
+       sysctl_createv(clog, 0, NULL, NULL,
+                       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+                       CTLTYPE_INT, "log_arp_movements",
+                       SYSCTL_DESCR("log arp replies from MACs different than"
+                           " the one in the cache"),
+                       NULL, 0, &log_arp_movements, 0,
+                       CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
+
+       sysctl_createv(clog, 0, NULL, NULL,
+                       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+                       CTLTYPE_INT, "log_arp_permanent_modify",
+                       SYSCTL_DESCR("log arp replies from MACs different than"
+                           " the one in the permanent arp entry"),
+                       NULL, 0, &log_arp_permanent_modify, 0,
+                       CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
+
+       sysctl_createv(clog, 0, NULL, NULL,
+                       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+                       CTLTYPE_INT, "log_arp_wrong_iface",
+                       SYSCTL_DESCR("log arp packets arriving on the wrong"
+                           " interface"),
+                       NULL, 0, &log_arp_wrong_iface, 0,
+                       CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
 }
 
 #endif /* INET */
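Review bot: The three new nodes are created under the same parent (`node->sysctl_num`) as "prune", "keep" and "down", so the `log_arp_` prefix presumably repeats the parent's name in the full MIB path; `"log_movements"`, `"log_permanent_modify"` and `"log_wrong_iface"` would match the short sibling names. The descriptions speak of "arp replies", but the hunks do not show whether the gated branches are reached only for replies, so "arp packets" (as the third description already says) may be more accurate. Since turning these off removes a spoofing indicator from the log, the description should say what remains, e.g. `SYSCTL_DESCR("log ARP cache entry overwrites (counters are kept regardless)")`. These variables also need an entry in the sysctl documentation, which this patch does not touch.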


