ARP moved messages in the logs

iBROX · September 28, 2021, 10:03:26 AM

Hi,

I'm getting the following messages in the dmesg and console log of my Opsense install :

vmx2: promiscuous mode enabled
arp: x.x.x.x moved from x.x.x.x to y.y.y.y on vmx2

https://lucatnt.com/2016/02/arp-moved-messages-in-freenaspfsense-explained/

I've tried a few things to turn this off but no matter what I do it still shows, I've added a system tunable of :

net.link.ether.inet.log_arp_movements = 0

I see that be added to /boot/loader.conf but after a reboot if I do a sysctl -a it shows it as a value of 1 :

net.link.ether.inet.log_arp_movements: 1

If I run sysctl -w after a reboot it stops the messages, however after a reboot it reverts back to a value of "1" and starts the messages again.

Any ideas?

supercm · December 08, 2021, 09:40:13 PM

Did you ever get anywhere with this for a long term fix? I am seeing the same thing with a handful of constant repeats.

42network · December 28, 2021, 04:18:26 AM

I can confirm this behavior still exists in 21.7. The tunable net.link.ether.inet.log_arp_movements is ignored by the boot logic even though it is clearly specified in /boot/loader.conf.

Is this thread sufficient for opening a bug report?

franco · December 28, 2021, 10:59:55 AM

Use /boot/loader.conf.local or better yet System: Settings: Tunables from GUI.

Cheers,
Franco

42network · December 28, 2021, 06:46:58 PM

Hi Franco! Merry Christmas and Happy New Year to you and yours!

The trouble is, I already have net.link.ether.inet.log_arp_movements = 0 set in the Tunables GUI. I set it a few months ago actually. OPNsense seems to be ignoring it.

(I attached a screenshot of my tunables setting but I am not sure if this forum software allows it.)

This is important to me because I have a house full of Apple/Bonjour devices which are very chatty with proxy ARP when they go to sleep, and this very quickly fills up the dmesg log and makes searching through the system log kinda painful.

Thanks/Nathan

franco · December 29, 2021, 12:24:15 PM

Upon closer inspection with an actual laptop you just want to set Interfaces: Settings: Suppress ARP messages which flips these values for you. It's a bit unfortunate that it overrides sysctls, but OTOH easier to maintain as a use case.

Cheers,
Franco

42network · January 01, 2022, 07:40:42 AM

So I understand correctly, you are suggesting enabling Interfaces->Settings->ARP Handling->Suppress ARP Messages? (screenshot attached)

There is a comment for this setting which says: "This option will suppress ARP log messages when multiple interfaces reside on the same broadcast domain". Can you elaborate on this point? This seems to be a global all-or-nothing setting which will suppress all ARP messages.

I'm not sure that is what we are after. We just want the ARP movement messages suppressed. Will your suggestion achieve that goal?

Thanks

franco · January 01, 2022, 10:48:09 AM

The "risk" posed by the option is two sysctls:

net.link.ether.inet.log_arp_wrong_iface=1
net.link.ether.inet.log_arp_movements=1

If you don't want this the only option is to alter the source code, but that will be lost on the next update.

Cheers,
Franco

ARP moved messages in the logs

iBROX

September 28, 2021, 10:03:26 AM

supercm

December 08, 2021, 09:40:13 PM #1

42network

December 28, 2021, 04:18:26 AM #2

franco

December 28, 2021, 10:59:55 AM #3

42network

December 28, 2021, 06:46:58 PM #4

franco

December 29, 2021, 12:24:15 PM #5

42network

January 01, 2022, 07:40:42 AM #6

franco

January 01, 2022, 10:48:09 AM #7