View Issue Details

IDProjectCategoryView StatusLast Update
0015915CentOS-7arpwatchpublic2019-03-12 23:57
Reporterkenbell 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
PlatformIntel XeonOSCentOS 7OS Version7.6.1810
Product Version7.6.1810 
Target VersionFixed in Version 
Summary0015915: arpwatch reports "bad hardware format" for 802.1Q packets, filling the log file
DescriptionVLAN tagged packets (802.1Q) are reported as having "bad hardware format" by arpwatch-2.1a15-36.el7.x86_64 and thereby filling the syslog with these reports.

17:06:09.415338 xx:xx:xx:xx:xx:xx (oui Unknown) > yy:yy:yy:yy:yy:yy (oui Unknown), 802.3, length 39: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 8000.zz:zz:zz:zz:zz:zz.8214, length 43

This is not a new complaint, e.g., see:

https://bugzilla.redhat.com/show_bug.cgi?id=1297945

Steps To Reproduce1. Install arpwatch
2. Run arpwatch
3. Watch these error messages fill the syslog
TagsNo tags attached.
abrt_hash
URL

Activities

tigalch

tigalch

2019-03-12 21:23

manager   ~0033987

As you can read from your mentioned bug report - it is closed due to EOL of that fedora version. Since CentOS rebuilds the sources from RHEL, you need to file this bug (and please cross reference it here) against RedHats bugzilla - section RHEL-7. Once/if RH fixes the issue, CentOS will inherit the fix.
tigalch

tigalch

2019-03-12 21:49

manager   ~0033988

2.1a15 seems to have this issue in general. Debians fix was to '+ * ignore 802.1q (vlan) frames' in release 2.1a15-3. Have you tried to run arpwatch on the VLAN-IF itself, not on the trunk-IF? I think that ARP-lookups only occur after the VLAN-frame has been processed/striped from the ethernet frame.
kenbell

kenbell

2019-03-12 23:16

reporter   ~0033989

Thanks. If you mean setting the IP address of this arpwatch box to something in the native VLAN, I can't do that, it's out of my "jurisdiction".

I'll try opening a bug on the RH bugzilla; I chose the CentOS bugzilla thinking that RH wouldn't accept a bug when I'm reporting it as existing on CentOS, but maybe I'm wrong.

I knew that the bug I linked to was closed EOL on Fedora. That's a terrible way to handle things IMNSHO - instead of carrying the bug forward to the current release, it just gets dropped (until someone reposts it at which point it will again likely get closed EOL).
kenbell

kenbell

2019-03-12 23:57

reporter   ~0033990

OK, I opened this bug on the RedHat bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=1688031

Issue History

Date Modified Username Field Change
2019-03-12 21:16 kenbell New Issue
2019-03-12 21:23 tigalch Note Added: 0033987
2019-03-12 21:49 tigalch Note Added: 0033988
2019-03-12 23:16 kenbell Note Added: 0033989
2019-03-12 23:57 kenbell Note Added: 0033990