View Issue Details

IDProjectCategoryView StatusLast Update
0015915CentOS-7arpwatchpublic2019-03-12 23:57
Status newResolutionopen 
PlatformIntel XeonOSCentOS 7OS Version7.6.1810
Product Version7.6.1810 
Target VersionFixed in Version 
Summary0015915: arpwatch reports "bad hardware format" for 802.1Q packets, filling the log file
DescriptionVLAN tagged packets (802.1Q) are reported as having "bad hardware format" by arpwatch-2.1a15-36.el7.x86_64 and thereby filling the syslog with these reports.

17:06:09.415338 xx:xx:xx:xx:xx:xx (oui Unknown) > yy:yy:yy:yy:yy:yy (oui Unknown), 802.3, length 39: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 8000.zz:zz:zz:zz:zz:zz.8214, length 43

This is not a new complaint, e.g., see:

Steps To Reproduce1. Install arpwatch
2. Run arpwatch
3. Watch these error messages fill the syslog
TagsNo tags attached.




2019-03-12 21:23

manager   ~0033987

As you can read from your mentioned bug report - it is closed due to EOL of that fedora version. Since CentOS rebuilds the sources from RHEL, you need to file this bug (and please cross reference it here) against RedHats bugzilla - section RHEL-7. Once/if RH fixes the issue, CentOS will inherit the fix.


2019-03-12 21:49

manager   ~0033988

2.1a15 seems to have this issue in general. Debians fix was to '+ * ignore 802.1q (vlan) frames' in release 2.1a15-3. Have you tried to run arpwatch on the VLAN-IF itself, not on the trunk-IF? I think that ARP-lookups only occur after the VLAN-frame has been processed/striped from the ethernet frame.


2019-03-12 23:16

reporter   ~0033989

Thanks. If you mean setting the IP address of this arpwatch box to something in the native VLAN, I can't do that, it's out of my "jurisdiction".

I'll try opening a bug on the RH bugzilla; I chose the CentOS bugzilla thinking that RH wouldn't accept a bug when I'm reporting it as existing on CentOS, but maybe I'm wrong.

I knew that the bug I linked to was closed EOL on Fedora. That's a terrible way to handle things IMNSHO - instead of carrying the bug forward to the current release, it just gets dropped (until someone reposts it at which point it will again likely get closed EOL).


2019-03-12 23:57

reporter   ~0033990

OK, I opened this bug on the RedHat bugzilla:

Issue History

Date Modified Username Field Change
2019-03-12 21:16 kenbell New Issue
2019-03-12 21:23 tigalch Note Added: 0033987
2019-03-12 21:49 tigalch Note Added: 0033988
2019-03-12 23:16 kenbell Note Added: 0033989
2019-03-12 23:57 kenbell Note Added: 0033990