View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0015915||CentOS-7||arpwatch||public||2019-03-12 21:16||2019-03-12 23:57|
|Platform||Intel Xeon||OS||CentOS 7||OS Version||7.6.1810|
|Target Version||Fixed in Version|
|Summary||0015915: arpwatch reports "bad hardware format" for 802.1Q packets, filling the log file|
|Description||VLAN tagged packets (802.1Q) are reported as having "bad hardware format" by arpwatch-2.1a15-36.el7.x86_64 and thereby filling the syslog with these reports.|
17:06:09.415338 xx:xx:xx:xx:xx:xx (oui Unknown) > yy:yy:yy:yy:yy:yy (oui Unknown), 802.3, length 39: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 8000.zz:zz:zz:zz:zz:zz.8214, length 43
This is not a new complaint, e.g., see:
|Steps To Reproduce||1. Install arpwatch|
2. Run arpwatch
3. Watch these error messages fill the syslog
|Tags||No tags attached.|
|As you can read from your mentioned bug report - it is closed due to EOL of that fedora version. Since CentOS rebuilds the sources from RHEL, you need to file this bug (and please cross reference it here) against RedHats bugzilla - section RHEL-7. Once/if RH fixes the issue, CentOS will inherit the fix.|
|2.1a15 seems to have this issue in general. Debians fix was to '+ * ignore 802.1q (vlan) frames' in release 2.1a15-3. Have you tried to run arpwatch on the VLAN-IF itself, not on the trunk-IF? I think that ARP-lookups only occur after the VLAN-frame has been processed/striped from the ethernet frame.|
Thanks. If you mean setting the IP address of this arpwatch box to something in the native VLAN, I can't do that, it's out of my "jurisdiction".
I'll try opening a bug on the RH bugzilla; I chose the CentOS bugzilla thinking that RH wouldn't accept a bug when I'm reporting it as existing on CentOS, but maybe I'm wrong.
I knew that the bug I linked to was closed EOL on Fedora. That's a terrible way to handle things IMNSHO - instead of carrying the bug forward to the current release, it just gets dropped (until someone reposts it at which point it will again likely get closed EOL).
OK, I opened this bug on the RedHat bugzilla: