Text only | Text with Images

OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: iBROX on September 28, 2021, 10:03:26 AM

Title: ARP moved messages in the logs
Post by: iBROX on September 28, 2021, 10:03:26 AM
Hi,

I'm getting the following messages in the dmesg and console log of my Opsense install :


vmx2: promiscuous mode enabled
arp: x.x.x.x moved from x.x.x.x to y.y.y.y on vmx2


https://lucatnt.com/2016/02/arp-moved-messages-in-freenaspfsense-explained/


I've tried a few things to turn this off but no matter what I do it still shows, I've added a system tunable of :

net.link.ether.inet.log_arp_movements = 0

I see that be added to /boot/loader.conf but after a reboot if I do a sysctl -a it shows it as a value of 1 :

net.link.ether.inet.log_arp_movements: 1

If I run sysctl -w after a reboot it stops the messages, however after a reboot it reverts back to a value of "1" and starts the messages again.

Any ideas?
Title: Re: ARP moved messages in the logs
Post by: supercm on December 08, 2021, 09:40:13 PM
Did you ever get anywhere with this for a long term fix? I am seeing the same thing with a handful of constant repeats.
Title: Re: ARP moved messages in the logs
Post by: 42network on December 28, 2021, 04:18:26 AM
I can confirm this behavior still exists in 21.7. The tunable net.link.ether.inet.log_arp_movements is ignored by the boot logic even though it is clearly specified in /boot/loader.conf.

Is this thread sufficient for opening a bug report?
Title: Re: ARP moved messages in the logs
Post by: franco on December 28, 2021, 10:59:55 AM
Use /boot/loader.conf.local or better yet System: Settings: Tunables from GUI.


Cheers,
Franco
Title: Re: ARP moved messages in the logs
Post by: 42network on December 28, 2021, 06:46:58 PM
Hi Franco! Merry Christmas and Happy New Year to you and yours!

The trouble is, I already have net.link.ether.inet.log_arp_movements = 0 set in the Tunables GUI. I set it a few months ago actually. OPNsense seems to be ignoring it.

(I attached a screenshot of my tunables setting but I am not sure if this forum software allows it.)

This is important to me because I have a house full of Apple/Bonjour devices which are very chatty with proxy ARP when they go to sleep, and this very quickly fills up the dmesg log and makes searching through the system log kinda painful.

Thanks/Nathan
Title: Re: ARP moved messages in the logs
Post by: franco on December 29, 2021, 12:24:15 PM
Upon closer inspection with an actual laptop you just want to set Interfaces: Settings: Suppress ARP messages which flips these values for you. It's a bit unfortunate that it overrides sysctls, but OTOH easier to maintain as a use case.


Cheers,
Franco
Title: Re: ARP moved messages in the logs
Post by: 42network on January 01, 2022, 07:40:42 AM
So I understand correctly, you are suggesting enabling Interfaces->Settings->ARP Handling->Suppress ARP Messages? (screenshot attached)

There is a comment for this setting which says: "This option will suppress ARP log messages when multiple interfaces reside on the same broadcast domain". Can you elaborate on this point? This seems to be a global all-or-nothing setting which will suppress all ARP messages.

I'm not sure that is what we are after. We just want the ARP movement messages suppressed. Will your suggestion achieve that goal?

Thanks
Title: Re: ARP moved messages in the logs
Post by: franco on January 01, 2022, 10:48:09 AM
The "risk" posed by the option is two sysctls:

net.link.ether.inet.log_arp_wrong_iface=1
net.link.ether.inet.log_arp_movements=1

If you don't want this the only option is to alter the source code, but that will be lost on the next update.


Cheers,
Franco
Text only | Text with Images