Created attachment 160178 [details] patch to net-mgmt/arpwatch net-mgmt/arpwatch complains verbosely in the presence of machines that use CARP: 2015-08-21T01:21:00+00:00 host.example.com arpwatch: ethernet mismatch 10.0.0.254 0:25:33:22:11:00 (0:0:5e:0:1:1) I found an email from Jordan Gordeev from 2006 that contains a patch to silence these messages: https://lists.freebsd.org/pipermail/freebsd-net/2006-November/012476.html The attached file adds a build option called NOVRRP that causes arpwatch to ignore MAC addresses that use the VRRP/CARP ethernet prefix.
Created attachment 160180 [details] patch to net-mgmt/arpwatch Patch to net-mgmt/arpwatch that enables arpwatch to ignore ARP traffic involving CARP/VRRP addresses.
Would you mind to provide the patch so that it can be switched on/off using a command line option ? Sometimes the use of carp / vrrp might not be known in advance and then arpwatch can be used to detect it.
please note that https://svnweb.freebsd.org/changeset/ports/412035 is adding a -z flag, maybe you can provide some similar patch for VRRP/CARP ?
Created attachment 174134 [details] patch-v3 add the vrrp option as command line option
A commit references this bug: Author: pi Date: Sat Aug 27 20:14:48 UTC 2016 New revision: 420995 URL: https://svnweb.freebsd.org/changeset/ports/420995 Log: net-mgmt/arpwatch: add flag -v to ignore VRRP/CARP traffic - The -v flag disables reporting on VRRP/CARP ethernet prefixes as described in RFC5798 (00:00:5e:00:01:xx) PR: 202548 Submitted by: paul@dokas.name Changes: head/net-mgmt/arpwatch/Makefile head/net-mgmt/arpwatch/files/patch-arpwatch.8 head/net-mgmt/arpwatch/files/patch-arpwatch.c head/net-mgmt/arpwatch/files/patch-util.c head/net-mgmt/arpwatch/files/patch-util.h
Committed, thanks!