Package: arpwatch Version: 2.1a15-1.1 Severity: important Tags: upstream When running arpwatch on a plain Ethernet interface when packets with 802.1Q VLAN tags are present, arpwatch syslogs an error of the form:
sent bad hardware format ... for each and every incoming ARP packet with a VLAN tag. The problem seems to be that pcap recognizes tagged as well as untagged ARP packets and passes them to arpwatch with the 802.1Q VLAN tags present. Since the 802.1Q tag inserts 32 bits between the MAC source address and the original Ethernet type field (0x806), the ARP data fields are not where arpwatch expects to see them. I would patch this myself except that I'm not sure what the correct fix should be. Should arpwatch discard tagged ARP packets entirely? Or should it strip 802.1Q tags and process the subsequent ARP data fields as though the packet had not been tagged in the first place? -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38.4-homer (SMP w/8 CPU cores; PREEMPT) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages arpwatch depends on: ii adduser 3.112+nmu2 add and remove users and groups ii libc6 2.11.2-11 Embedded GNU C Library: Shared lib ii libpcap0.8 1.1.1-3 system interface for user-level pa arpwatch recommends no packages. arpwatch suggests no packages. -- Configuration Files: /etc/arpwatch.conf changed [not included] /etc/default/arpwatch changed [not included] -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
