[Linux] linux et requêtes arp

Mar 19 Déc 18:06:06 CET 2006

> Le Lundi 18 Décembre 2006 11:18, Nicolas Figaro a écrit :

>> est-il possible de faire générér du log à propos de ces requêtes arp ?
>
> arpwatch le fait.
>
>

Ouais et arpwatch va même plus loin que ça, pour juste voir les
requêtes/réponses émises par une machine:

sudo tcpdump -i -n -vv ethX arp and ether host XX:XX:XX:XX:XX:XX

>> quelqu'un sait-il quel démon ou prog répond aux requêtes arp sous
>
>> exactement ? )
>
> Bonne question...
>

/usr/src/linux/net/ipv4/arp.c

/*
 *  Process entry.  The idea here is we want to send a reply if it is a
 *  request for us or if it is a request for someone else that we hold
 *  a proxy for.  We want to add an entry to our cache if it is a reply
 *  to us or if it is a request for our address.
 *  (The assumption for this last is that if someone is requesting our
 *  address, they are probably intending to talk to us, so it saves time
 *  if we cache their address.  Their address is also probably not in
 *  our cache, since ours is not in their cache.)
 *
 *  Putting this another way, we only care about replies if they are to
 *  us, in which case we add them to the cache.  For requests, we care
 *  about those for us and those for our proxies.  We reply to both,
 *  and in the case of requests for us we add the requester to the arp
 *  cache.
 */

[...]

if (addr_type == RTN_LOCAL) {
 n = neigh_event_ns(&arp_tbl, sha, &sip, dev);
if (n) {
int dont_send = 0;

if (!dont_send)
 dont_send |= arp_ignore(in_dev,dev,sip,tip);
if (!dont_send && IN_DEV_ARPFILTER(in_dev))
 dont_send |= arp_filter(sip,tip,dev);
 if (!dont_send)
                                        arp_send(ARPOP_REPLY,ETH_P_ARP,sip,dev,tip,sha,dev->dev_addr,sha);

neigh_release(n);

}
goto out;
}

Mehdi