Hello community, here is the log from the commit of package arpwatch for openSUSE:Factory checked in at 2019-05-07 23:20:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/arpwatch (Old) and /work/SRC/openSUSE:Factory/.arpwatch.new.5148 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "arpwatch" Tue May 7 23:20:15 2019 rev:29 rq:701315 version:2.1a15 Changes: -------- --- /work/SRC/openSUSE:Factory/arpwatch/arpwatch.changes 2019-04-01 12:37:40.149894611 +0200 +++ /work/SRC/openSUSE:Factory/.arpwatch.new.5148/arpwatch.changes 2019-05-07 23:20:18.977100176 +0200 @@ -1,0 +2,6 @@ +Tue May 7 08:51:31 UTC 2019 - Stefan Seyfried <seife+obs@b1-systems.com> + +- add 0001-Ignore-802.1Q-frames.patch to fix log spam on networks + with configured VLANs. (deb#625796) + +------------------------------------------------------------------- New: ---- 0001-Ignore-802.1Q-frames.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ arpwatch.spec ++++++ --- /var/tmp/diff_new_pack.qmOcEN/_old 2019-05-07 23:20:20.061102650 +0200 +++ /var/tmp/diff_new_pack.qmOcEN/_new 2019-05-07 23:20:20.065102659 +0200 @@ -41,6 +41,8 @@ Patch7: arpwatch-2.1a11-emailaddr.dif Patch8: arpwatch-2.1a15-massagevendor.patch Patch9: getnameinfo.patch +# PATCH-Fix-Upstream -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625796#20 -- seife+obs@b1-systems.com +Patch10: 0001-Ignore-802.1Q-frames.patch BuildRequires: libpcap-devel BuildRequires: postfix BuildRequires: systemd-rpm-macros @@ -72,6 +74,7 @@ %patch7 -p1 -E %patch8 -p1 %patch9 -p1 +%patch10 -p1 %build %configure ++++++ 0001-Ignore-802.1Q-frames.patch ++++++
From 5d852d6f81d4022d500ccfea3e9b84a1d3b07dd0 Mon Sep 17 00:00:00 2001 From: Rob Leslie <rob@mars.org> Date: Sun, 10 Jun 2012 12:35:02 -0700 Subject: [PATCH] Ignore 802.1Q frames
Due to the way Linux packet filtering works, the pcap library will return ARP/RARP packets belonging to other VLANs when listening on the corresponding physical interface. This confuses arpwatch as it is not expecting such packets; the symptom is many "... sent bad hardware format ..." syslog messages. Since VLAN packets can be accessed via another interface and a separate arpwatch instance could be run there (if desired), we simply ignore all 802.1Q frames. --- arpwatch.c | 12 ++++++++++++ 1 files changed, 12 insertions(+), 0 deletions(-) diff --git a/arpwatch.c b/arpwatch.c index 9892894..30d9972 100644 --- a/arpwatch.c +++ b/arpwatch.c @@ -98,6 +98,10 @@ struct rtentry; #define ETHERTYPE_APOLLO 0x8019 #endif +#ifndef ETHERTYPE_VLAN +#define ETHERTYPE_VLAN 0x8100 +#endif + #ifndef IN_CLASSD_NET #define IN_CLASSD_NET 0xf0000000 #endif @@ -573,6 +577,14 @@ sanity_ether(register struct ether_header *eh, register struct ether_arp *ea, return(0); } + /* ignore 802.1Q (VLAN) frames */ + if (eh->ether_type == ETHERTYPE_VLAN) { + if (debug) + syslog(LOG_INFO, "ignoring 802.1Q frame from %s\n", + e2str(shost)); + return(0); + } + /* XXX sysv r4 seems to use hardware format 6 */ if (ea->arp_hrd != ARPHRD_ETHER && ea->arp_hrd != 6) { syslog(LOG_ERR, "%s sent bad hardware format 0x%x\n", -- 1.7.2.5