Bug 149003 - arpwatch does only support one interface
Summary: arpwatch does only support one interface
Status: RESOLVED FIXED
: 245181 337130 (view as bug list)
Alias: None
Product: SUSE LINUX 10.0
Classification: openSUSE
Component: Network (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Enhancement
Target Milestone: ---
Assignee: Roman Drahtmueller
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-02-08 08:37 UTC by Christian Andretzky
Modified: 2008-11-12 10:33 UTC (History)
2 users (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Andretzky 2006-02-08 08:37:11 UTC 
following the description in /etc/sysconfig/arpwatch it should be possible to watch more than one interface simultaneously. Unfortunately this does not work.
If you enter more than one interface (for example -i eth0 -i eth1 ...) then the winner is the last interface in the list. To watch more than one interface simultaneously the arpwatch daemon has to run separately for each interface. But in this case it is necessary to specify separate log files for each instance of arpwatch.
Comment 1 Michael Gross 2006-02-08 12:13:49 UTC 
Sounds like an enhancement.
Comment 2 Christian Andretzky 2006-02-08 13:08:34 UTC 
Quick and drity fix for this:

[part of /etc/init.d/arpwatch ]
.
.
.
case "$1" in
   start)
     echo -n "Starting arpwatch"
     for interface in $ARPWATCH_INTERFACE; do
       #    ARPWATCH_ARGS="$ARPWATCH_ARGS -i $interface"
       ARPLOGFILE=/var/lib/arpwatch/arp.${interface}.dat
       touch $ARPLOGFILE
       #startproc $ARPWATCH $ARPWATCH_ARGS -f $ARPLOGFILE -i $interface
       $ARPWATCH $ARPWATCH_ARGS -f $ARPLOGFILE -i $interface
     done
     rc_status -v
     ;;
   stop)
     echo -n "Shutting down arpwatch"
     killproc -TERM $ARPWATCH
     rc_status -v
     ;;
.
.
.

startproc cannot be used because we try to start more than one instance of arpwatch.
Comment 3 Roman Drahtmueller 2008-11-12 10:27:58 UTC 
Fixed for 11.1/SLES11.

case "$1" in
    start)
        ARPWATCH_STARTED=0
        echo -n "Starting arpwatch"
        for interface in $ARPWATCH_INTERFACE; do
          if /sbin/ifstatus $interface > /dev/null 2>&1; then
            DATFILE=/var/lib/arpwatch/arp.dat.$interface
            if [ ! -f "$DATFILE" ]; then
              /bin/cp -a /var/lib/arpwatch/arp.dat $DATFILE
            fi
            TEMP_ARGS="$ARPWATCH_ARGS -i $interface -f $DATFILE"
            $ARPWATCH $TEMP_ARGS
            ARPWATCH_STARTED=$(( $ARPWATCH_STARTED + 1 ))
          else
            echo "${attn} interface ${warn}$interface ${attn} is not ready.${norm}"
          fi
        done
        if [ "$ARPWATCH_STARTED" = 0 ]; then
          startproc $ARPWATCH $ARPWATCH_ARGS
        fi
        rc_status -v
        ;;
    stop)
...
Comment 4 Roman Drahtmueller 2008-11-12 10:31:55 UTC 
*** Bug 245181 has been marked as a duplicate of this bug. ***
Comment 5 Roman Drahtmueller 2008-11-12 10:33:03 UTC 
*** Bug 337130 has been marked as a duplicate of this bug. ***