package/arpwatch/patches/012_debian_opt_nopromisc


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

Index: arpwatch/arpwatch.8
diff -u arpwatch/arpwatch.8:1.1.1.1 arpwatch/arpwatch.8:1.1.1.1.6.1
--- arpwatch/arpwatch.8:1.1.1.1	Tue Apr 17 13:31:36 2001
+++ arpwatch/arpwatch.8	Tue Apr 17 13:50:23 2001
@@ -29,6 +29,8 @@
 [
 .B -dN
 ] [
+.B -p
+] [
 .B -f
 .I datafile
 ] [
@@ -81,6 +83,15 @@
 The
 .B -N
 flag disables reporting any bogons.
+.LP
+The
+.B -p
+flag disables promiscuous operation.  ARP broadcasts get through hubs without
+having the interface in promiscuous mode, while saving considerable resources
+that would be wasted on processing gigabytes of non-broadcast traffic.  OTOH,
+setting promiscuous mode does not mean getting 100% traffic that would concern
+.B arpwatch .
+YMMV. (Debian specific)
 .LP
 The
 .B -r
Index: arpwatch/arpwatch.c
diff -u arpwatch/arpwatch.c:1.1.1.1.2.1 arpwatch/arpwatch.c:1.1.1.1.2.1.4.1
--- arpwatch/arpwatch.c:1.1.1.1.2.1	Tue Apr 17 13:47:57 2001
+++ arpwatch/arpwatch.c	Tue Apr 17 13:50:23 2001
@@ -159,6 +159,7 @@
 		"i:"
 		"n:"
 		"N"
+		"p"
 		"r:"
 	;
 
@@ -206,6 +207,10 @@
 			++nobogons;
 			break;
 
+		case 'p':
+			++nopromisc;
+			break;
+
 		case 'r':
 			rfilename = optarg;
 			break;
@@ -277,7 +282,7 @@
 		snaplen = max(sizeof(struct ether_header),
 		    sizeof(struct fddi_header)) + sizeof(struct ether_arp);
 		timeout = 1000;
-		pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
+		pd = pcap_open_live(interface, snaplen, !nopromisc, timeout, errbuf);
 		if (pd == NULL) {
 			syslog(LOG_ERR, "pcap open %s: %s", interface, errbuf);
 			exit(1);
@@ -758,6 +763,7 @@
 	extern char version[];
 	char usage[] =
 		"[-dN] "
+		"[-p] "
 		"[-f datafile] "
 		"[-i interface] "
 		"[-n net[/width]] "
Index: arpwatch/util.c
diff -u arpwatch/util.c:1.1.1.1 arpwatch/util.c:1.1.1.1.6.1
--- arpwatch/util.c:1.1.1.1	Tue Apr 17 13:31:37 2001
+++ arpwatch/util.c	Tue Apr 17 13:50:23 2001
@@ -61,6 +61,7 @@
 
 int debug = 0;
 int initializing = 1;			/* true if initializing */
+int nopromisc = 0;			/* don't activate promisc mode */
 
 /* syslog() helper routine */
 void
Index: arpwatch/util.h
diff -u arpwatch/util.h:1.1.1.1 arpwatch/util.h:1.1.1.1.6.1
--- arpwatch/util.h:1.1.1.1	Tue Apr 17 13:31:37 2001
+++ arpwatch/util.h	Tue Apr 17 13:50:23 2001
@@ -17,3 +17,4 @@
 
 extern int debug;
 extern int initializing;
+extern int nopromisc;