arp - Address Resolution Protocol
pseudo-device ether
The Address Resolution Protocol (ARP) is used to dynamically
map between
Internet host addresses and Ethernet addresses. It is used
by all of the
Ethernet interface drivers. It is not specific to Internet
protocols or
to Ethernet, but this implementation currently supports only
that combination.
ARP caches Internet-Ethernet address mappings. When an interface requests
a mapping for an address not in the cache, ARP queues
the message
which requires the mapping and broadcasts a message on the
associated
network requesting the address mapping. If a response is
provided, the
new mapping is cached and any pending message is transmitted. ARP will
queue at most one packet while waiting for a response to a
mapping request;
only the most recently transmitted packet is kept.
If the target
host does not respond after several requests, the host is
considered to
be down for a short period (normally 20 seconds), allowing
an error to be
returned to transmission attempts during this interval. The
error is
EHOSTDOWN for a non-responding destination host, and EHOSTUNREACH for a
non-responding router.
The ARP cache is stored in the system routing table as dynamically created
host routes. The route to a directly attached Ethernet
network is installed
as a ``cloning'' route (one with the RTF_CLONING
flag set), causing
routes to individual hosts on that network to be created
on demand.
These routes time out periodically (normally 20 minutes after validated;
entries are not validated when not in use). An entry for a
host which is
not responding is a ``reject'' route (one with the RTF_REJECT flag set).
ARP entries may be added, deleted or changed with the arp(8)
utility.
Manually added entries may be temporary, static or permanent, and may be
``published'', in which case the system will respond to ARP
requests for
that host as if it were the target of the request. A static
entry will
not time out, but may be overwritten by network traffic,
while a permanent
entry will not time out and can not be overwritten.
In the past, ARP was used to negotiate the use of a trailer
encapsulation.
This is no longer supported.
ARP watches passively for hosts impersonating the local host
(i.e., a
host which responds to an ARP mapping request for the local
host's address).
duplicate IP address %x!! sent from ethernet address:
%x:%x:%x:%x:%x:%x ARP has discovered another host on the
local network
which responds to mapping requests for its own Internet address with a
different Ethernet address, generally indicating that two
hosts are attempting
to use the same Internet address.
arp info overwritten for %x!! by %x:%x:%x:%x:%x:%x on %x An
existing
route has been overwritten with a new Ethernet address, for
example when
the other host has changed Ethernet cards. If the route
previously was
static/non-expiring, the new route will expire normally.
arp: attempt to overwrite permanent entry for %x!! by
%x:%x:%x:%x:%x:%x
on %x As above, but the existing route had been manually
set up as permanent.
The routing information is not modified.
arp: attempt to overwrite entry for %x!! on %x by
%x:%x:%x:%x:%x:%x on
%x ARP has noticed an attempt to overwrite a host's routing
entry on one
interface with a routing entry for a different interface.
The routing
information is not modified.
arp: received reply to broadcast or multicast address ARP
received a response
which is a broadcast or multicast address. This
might indicate an
ARP spoofing attempt.
arp: ether address is broadcast for IP address %s! ARP requested information
for a host, and received an answer indicating that
the host's Ethernet
address is the Ethernet broadcast address. This indicates a misconfigured
or broken device.
arp: ether address is multicast for IP address %s! ARP requested information
for a host, and received an answer indicating that
the host's Ethernet
address is the Ethernet multicast address. This indicates a misconfigured
or broken device.
arp: attempt to add entry for %s on %s by %s on %s This
usually indicates
there is more than one interface connected to the same
hub, or that
the networks have somehow been short-circuited (e.g. IPs
that should have
been present on interface one are present on interface two).
arplookup: unable to enter address for %s An IP received on
the interface
does not match the network/netmask of the interface.
This indicates
a netmask problem.
inet(4), route(4), arp(8), ifconfig(8), route(8)
Plummer, D., "RFC 826", An Ethernet Address Resolution
Protocol.
Karels, M.J. and Leffler, S.J., "RFC 893", Trailer
Encapsulations.
OpenBSD 3.6 April 18, 1994
[ Back ] |
