Sat Aug 27 09:05:55 2011 UTC ()
Add 3 logging sysctls for arp from freebsd:

1. log_movements: do you want to log the arp overwritten message or not?
2. log_wrong_iface: do you want to log when an arp arrives at the wrong
   interface?
3. log_permanent_modify: do you want to log when an arp message attempts
   to overwrite a static entry?

I did not call the sysctls log_arp like FreeBSD does, because we already
have an arp sysctl level. The default is on for all three of them.


(christos)
diff -r1.151 -r1.152 src/sys/netinet/if_arp.c

--- src/sys/netinet/if_arp.c 2011/05/03 16:00:29 1.151
+++ src/sys/netinet/if_arp.c 2011/08/27 09:05:54 1.152
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_arp.c,v 1.151 2011/05/03 16:00:29 dyoung Exp $	*/
+/*	$NetBSD: if_arp.c,v 1.152 2011/08/27 09:05:54 christos Exp $	*/
 
 /*-
  * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc.
@@ -68,7 +68,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.151 2011/05/03 16:00:29 dyoung Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.152 2011/08/27 09:05:54 christos Exp $");
 
 #include "opt_ddb.h"
 #include "opt_inet.h"
@@ -191,6 +191,10 @@
 
 static int arp_drainwanted;
 
+static int log_movements = 1;
+static int log_permanent_modify = 1;
+static int log_wrong_iface = 1;
+
 /*
  * this should be elsewhere.
  */
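Review bot: The three new file-scope flags have generic names and no comment, unlike the neighbouring `arp_drainwanted`; `static int arp_log_movements = 1;` (and likewise for the other two) would match the file's prefixing. A comment above them would help, for example `/* arp sysctl log_* knobs: nonzero enables the matching log(LOG_INFO) message; the ARP_STAT_* counters are updated either way */`, which is what the later hunks show, since each ARP_STATINC precedes the new check. The description given to `log_permanent_modify` in the last hunk is also looser than the message it gates, which reports an attempt to overwrite permanent arp info; `SYSCTL_DESCR("log attempts to overwrite a permanent ARP entry")` would say that directly.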
@@ -1085,6 +1089,8 @@
 		    memcmp(ar_sha(ah), CLLADDR(sdl), sdl->sdl_alen)) {
 			if (rt->rt_flags & RTF_STATIC) {
 				ARP_STATINC(ARP_STAT_RCVOVERPERM);
+				if (!log_permanent_modify)
+					goto out;
 				log(LOG_INFO,
 				    "%s tried to overwrite permanent arp info"
 				    " for %s\n",
@@ -1093,6 +1099,8 @@
 				goto out;
 			} else if (rt->rt_ifp != ifp) {
 				ARP_STATINC(ARP_STAT_RCVOVERINT);
+				if (!log_wrong_iface)
+					goto out;
 				log(LOG_INFO,
 				    "%s on %s tried to overwrite "
 				    "arp info for %s on %s\n",
@@ -1102,10 +1110,12 @@
 				    goto out;
 			} else {
 				ARP_STATINC(ARP_STAT_RCVOVER);
-				log(LOG_INFO,
-				    "arp info overwritten for %s by %s\n",
-				    in_fmtaddr(isaddr),
-				    lla_snprintf(ar_sha(ah), ah->ar_hln));
+				if (log_movements)
+					log(LOG_INFO, "arp info overwritten "
+					    "for %s by %s\n",
+					    in_fmtaddr(isaddr),
+					    lla_snprintf(ar_sha(ah),
+					    ah->ar_hln));
 			}
 		}
 		/*
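Review bot: Each of the three messages is still emitted once per offending packet when its flag is on and suppressed entirely when it is off, so the operator has to choose between a log that received ARP traffic can fill and no per-event record of a changed MAC at all. These lines are the only per-address trace of cache overwrites (the ARP_STAT_RCVOVER* counters keep counting but carry no addresses), and that trace is what an ARP-spoofing investigation relies on, so a rate limit preserves more signal than an off switch. Something like `if (log_movements && ppsratecheck(&arp_log_last, &arp_log_cur, arp_log_max))` would bound the volume (the three rate-limit variables are placeholder names, not in the file); the same applies to the `log_permanent_modify` and `log_wrong_iface` checks in the hunks at 1089 and 1099. Guarding the log() call as done here, instead of adding a `goto out` ahead of the existing one, would also keep those two branches to a single exit. The enclosing function starts and ends outside the hunk.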
@@ -1641,21 +1651,21 @@
 	sysctl_createv(clog, 0, NULL, NULL,
 			CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 			CTLTYPE_INT, "prune",
-			SYSCTL_DESCR("ARP cache pruning interval"),
+			SYSCTL_DESCR("ARP cache pruning interval in seconds"),
 			NULL, 0, &arpt_prune, 0,
 			CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
 
 	sysctl_createv(clog, 0, NULL, NULL,
 			CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 			CTLTYPE_INT, "keep",
-			SYSCTL_DESCR("Valid ARP entry lifetime"),
+			SYSCTL_DESCR("Valid ARP entry lifetime in seconds"),
 			NULL, 0, &arpt_keep, 0,
 			CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
 
 	sysctl_createv(clog, 0, NULL, NULL,
 			CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 			CTLTYPE_INT, "down",
-			SYSCTL_DESCR("Failed ARP entry lifetime"),
+			SYSCTL_DESCR("Failed ARP entry lifetime in seconds"),
 			NULL, 0, &arpt_down, 0,
 			CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
 
@@ -1671,6 +1681,30 @@
 			CTLTYPE_STRUCT, "stats",
 			SYSCTL_DESCR("ARP statistics"),
 			sysctl_net_inet_arp_stats, 0, NULL, 0,
+			CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
+
+	sysctl_createv(clog, 0, NULL, NULL,
+			CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+			CTLTYPE_INT, "log_movements",
+			SYSCTL_DESCR("log ARP replies from MACs different than"
+			    " the one in the cache"),
+			NULL, 0, &log_movements, 0,
+			CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
+
+	sysctl_createv(clog, 0, NULL, NULL,
+			CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+			CTLTYPE_INT, "log_permanent_modify",
+			SYSCTL_DESCR("log ARP replies from MACs different than"
+			    " the one in the permanent arp entry"),
+			NULL, 0, &log_permanent_modify, 0,
+			CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
+
+	sysctl_createv(clog, 0, NULL, NULL,
+			CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+			CTLTYPE_INT, "log_wrong_iface",
+			SYSCTL_DESCR("log ARP packets arriving on the wrong"
+			    " interface"),
+			NULL, 0, &log_wrong_iface, 0,
 			CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
 }