Message-ID: <400AF2F7.60702@cream.org>
Date: Sun, 18 Jan 2004 20:56:23 +0000
From: Andrew Boothman
To: horio shoichi
In-Reply-To: <20040118.184351.3b20743ee03ef7d3.10.0.3.9@bugsgrief.net>
cc: freebsd-security@freebsd.org
cc: freebsd-questions@freebsd.org
Subject: Re: arp problem in /var/log/messages
List-Id: Security issues [members-only posting]

horio shoichi wrote:
>>hi all, i got flooded by these msgs like 1000+ lines, any idea?
>>my kernel is dated Nov-30 FreeBSD 4.9-stable
>>
>># tail -f /var/log/messages
>>Jan 18 19:43:23 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74
>>to 00:50:0f:4f:c0:00 on rl0
>>Jan 18 19:45:06 xb /kernel: arp: 202.79.180.1 moved from 00:50:0f:4f:c0:00
>>to 00:04:5a:49:eb:74 on rl0
>>Jan 18 19:45:18 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74
>>to 00:50:0f:4f:c0:00 on rl0
>>Jan 18 19:45:41 xb /kernel: arp: 202.79.180.1 moved from 00:50:0f:4f:c0:00
>>to 00:04:5a:49:eb:74 on rl0
>>Jan 18 19:45:45 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74
>>to 00:50:0f:4f:c0:00 on rl0
>
>
> # sysctl net.link.ether.inet.log_arp_wrong_iface=1
>
> should mask the messages.

Shouldn't that be net.link.ether.inet.log_arp_movements ?

myriad# sysctl -d net.link.ether.inet.log_arp_movements
net.link.ether.inet.log_arp_movements: log arp replies from MACs different than the one in the cache

I get these messages about 10/day on an interface that's connected to a
cable modem network (Blueyonder in the UK). I've just set this sysctl to
see if it stops these messages for me.

Andrew
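
Added example, not part of the original message and not FreeBSD code: before silencing these messages, the "moved from" lines can be summarized per IP to see whether an address is flapping between MACs (two hosts answering for one IP) or simply changed once. The function name, the flapping rule and the 192.0.2.7 line are assumptions made for this sketch; the first five sample lines are the quoted log entries with their wrapped halves rejoined.

```python
import re

# Sample input: five entries from the quoted log (rejoined), plus two
# constructed lines (a one-off move and an unrelated message).
SAMPLE_LOG = """\
Jan 18 19:43:23 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74 to 00:50:0f:4f:c0:00 on rl0
Jan 18 19:45:06 xb /kernel: arp: 202.79.180.1 moved from 00:50:0f:4f:c0:00 to 00:04:5a:49:eb:74 on rl0
Jan 18 19:45:18 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74 to 00:50:0f:4f:c0:00 on rl0
Jan 18 19:45:41 xb /kernel: arp: 202.79.180.1 moved from 00:50:0f:4f:c0:00 to 00:04:5a:49:eb:74 on rl0
Jan 18 19:45:45 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74 to 00:50:0f:4f:c0:00 on rl0
Jan 18 20:01:10 xb /kernel: arp: 192.0.2.7 moved from 00:11:22:33:44:55 to 00:11:22:33:44:66 on rl0
Jan 18 20:02:00 xb sshd[412]: constructed unrelated line
"""

MOVE_RE = re.compile(
    r"arp: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) moved from "
    r"(?P<old>[0-9a-f:]{17}) to (?P<new>[0-9a-f:]{17}) on (?P<iface>\S+)",
    re.IGNORECASE,
)

def summarize_moves(text):
    """Return {(ip, iface): {"moves": int, "macs": set, "flapping": bool}}."""
    stats = {}
    for line in text.splitlines():
        m = MOVE_RE.search(line)
        if not m:
            continue  # not an ARP movement message
        entry = stats.setdefault(
            (m["ip"], m["iface"]), {"moves": 0, "macs": set(), "flapping": False}
        )
        old, new = m["old"].lower(), m["new"].lower()
        # Assumed rule: flapping means the IP moves back to a MAC it
        # was already seen with earlier in the log.
        if new in entry["macs"]:
            entry["flapping"] = True
        entry["macs"].update((old, new))
        entry["moves"] += 1
    return stats

if __name__ == "__main__":
    for (ip, iface), e in sorted(summarize_moves(SAMPLE_LOG).items()):
        state = "FLAPPING" if e["flapping"] else "moved"
        print(f"{ip} on {iface}: {state}, {e['moves']} moves, MACs {sorted(e['macs'])}")
```
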