ARP moved messages in the logs

Started by iBROX, September 28, 2021, 10:03:26 AM

Hi,

I'm getting the following messages in the dmesg and console log of my OPNsense install:


vmx2: promiscuous mode enabled
arp: x.x.x.x moved from x.x.x.x to y.y.y.y on vmx2


https://lucatnt.com/2016/02/arp-moved-messages-in-freenaspfsense-explained/


I've tried a few things to turn this off, but no matter what I do it still shows. I've added a system tunable of:

net.link.ether.inet.log_arp_movements = 0

I see that being added to /boot/loader.conf, but after a reboot, if I do a sysctl -a, it shows it as a value of 1:

net.link.ether.inet.log_arp_movements: 1

If I run sysctl -w after a reboot it stops the messages; however, after a reboot it reverts back to a value of "1" and starts the messages again.

Any ideas?

Did you ever get anywhere with this for a long term fix? I am seeing the same thing with a handful of constant repeats.

I can confirm this behavior still exists in 21.7. The tunable net.link.ether.inet.log_arp_movements is ignored by the boot logic even though it is clearly specified in /boot/loader.conf.

Is this thread sufficient for opening a bug report?

Use /boot/loader.conf.local or better yet System: Settings: Tunables from GUI.


Cheers,
Franco

Hi Franco! Merry Christmas and Happy New Year to you and yours!

The trouble is, I already have net.link.ether.inet.log_arp_movements = 0 set in the Tunables GUI. I set it a few months ago actually. OPNsense seems to be ignoring it.

(I attached a screenshot of my tunables setting but I am not sure if this forum software allows it.)

This is important to me because I have a house full of Apple/Bonjour devices which are very chatty with proxy ARP when they go to sleep, and this very quickly fills up the dmesg log and makes searching through the system log kinda painful.

Thanks/Nathan

Upon closer inspection with an actual laptop you just want to set Interfaces: Settings: Suppress ARP messages which flips these values for you. It's a bit unfortunate that it overrides sysctls, but OTOH easier to maintain as a use case.


Cheers,
Franco

So I understand correctly, you are suggesting enabling Interfaces->Settings->ARP Handling->Suppress ARP Messages? (screenshot attached)

There is a comment for this setting which says: "This option will suppress ARP log messages when multiple interfaces reside on the same broadcast domain". Can you elaborate on this point? This seems to be a global all-or-nothing setting which will suppress all ARP messages.

I'm not sure that is what we are after. We just want the ARP movement messages suppressed. Will your suggestion achieve that goal?

Thanks

The "risk" posed by the option is two sysctls:

net.link.ether.inet.log_arp_wrong_iface=1
net.link.ether.inet.log_arp_movements=1

If you don't want this the only option is to alter the source code, but that will be lost on the next update.


Cheers,
Franco
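
An added example, not part of the thread or of OPNsense: where the messages stay enabled, a small filter can collapse the repeated "moved" lines into one record per interface and IP so the log stays searchable. It assumes the masked fields in the quoted message are an IPv4 address followed by two colon-separated MAC addresses; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the kernel message quoted in the
# thread (addresses are documentation/test values, not taken from the thread).
SAMPLE_LOG = """\
vmx2: promiscuous mode enabled
arp: 192.0.2.10 moved from 02:00:00:aa:00:01 to 02:00:00:bb:00:02 on vmx2
arp: 192.0.2.10 moved from 02:00:00:bb:00:02 to 02:00:00:aa:00:01 on vmx2
arp: 192.0.2.10 moved from 02:00:00:aa:00:01 to 02:00:00:bb:00:02 on vmx2
arp: 192.0.2.77 moved from 02:00:00:cc:00:03 to 02:00:00:dd:00:04 on vmx2
"""

# Assumed layout: "arp: <ip> moved from <old mac> to <new mac> on <interface>"
MOVED_RE = re.compile(
    r"arp: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) moved from "
    r"(?P<old>[0-9a-f]{2}(?::[0-9a-f]{2}){5}) to "
    r"(?P<new>[0-9a-f]{2}(?::[0-9a-f]{2}){5}) on (?P<ifname>\S+)",
    re.IGNORECASE,
)

def summarize_arp_moves(log_text):
    """Collapse repeated 'moved' lines into one record per (interface, IP)."""
    summary = defaultdict(lambda: {"moves": 0, "macs": set()})
    for line in log_text.splitlines():
        m = MOVED_RE.search(line)
        if not m:
            continue  # unrelated kernel messages are skipped
        entry = summary[(m["ifname"], m["ip"])]
        entry["moves"] += 1
        entry["macs"].update({m["old"].lower(), m["new"].lower()})
    return dict(summary)

def flapping(summary, min_moves=3):
    """IPs that alternate between exactly two MACs at least min_moves times;
    these account for most of the repeated lines and deserve a closer look."""
    return sorted(ip for (_, ip), e in summary.items()
                  if e["moves"] >= min_moves and len(e["macs"]) == 2)

if __name__ == "__main__":
    result = summarize_arp_moves(SAMPLE_LOG)
    for (ifname, ip), e in sorted(result.items()):
        print(f"{ifname} {ip}: {e['moves']} moves across {sorted(e['macs'])}")
    print("flapping:", flapping(result))
```

On a live system the input would be the saved output of dmesg or the system log rather than the embedded sample.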