Bug #10261
closed
Arpwatch fails to download ethercodes.dat
0%
Description
I noticed that the ethernet vendor field in arpwatch alerts is always unknown even though the update vendors option is checked under services > arpwatch. I have selected my internal interfaces and the update vendors option is the only box checked and an email address setup and working. I noticed the error "php-fpm 362 /rc.start_packages: Download file failed with status code 0. URL: http://linuxnet.ca/ieee/oui/ethercodes.dat" in the general log. I have tried putting the ethercodes.dat in /usr/local/arpwatch manually but it disappears after a period of time (presumably as part of the process to update it). I also reinstalled the arpwatch package which did not help. I can download the file from a shell on the pfSense box just fine "/usr/bin/fetch -q -o /usr/local/arpwatch http://linuxnet.ca/ieee/oui/ethercodes.dat" so I know the connectivity is there. I do not know enough about the inner workings of pfSense and BSD to dig much deeper but I feel this is a bug so I am logging it here.
Updated by Samuel Scheetz about 4 years ago
This is version 2.4.4-RELEASE-p3 (arm64)
Updated by Samuel Scheetz about 4 years ago
I have a workaround in place which involves disabling the update vendors option and using cron to run the command below on a schedule. Seems to be working fine like this. Should not be necessary though.
/usr/bin/fetch -q -o /usr/local/arpwatch http://linuxnet.ca/ieee/oui/ethercodes.dat
Updated by Jim Pingle about 4 years ago
- Category set to arpwatch
- Affected Architecture All added
- Affected Architecture deleted (
SG-1100)
Updated by Viktor Gurov about 4 years ago
this is caused by the default connection timeout (5s) of the download_file() in arpwatch.inc:
function arpwatch_update_vendors() {
download_file(ARPWATCH_ETHERCODES_URL, ARPWATCH_LOCAL_DIR."/ethercodes.dat");
}
can be fixed by setting the connection timeout to a higher value:
download_file(ARPWATCH_ETHERCODES_URL, ARPWATCH_LOCAL_DIR."/ethercodes.dat", true, 10);
no such issue with arpwatch 0.2.0 (pfSense 2.4.5, 2.5)
so it can better wait stable 2.4.5
Updated by Samuel Scheetz about 4 years ago
Viktor Gurov wrote:
this is caused by the default connection timeout (5s) of the download_file() in arpwatch.inc:
[...]can be fixed by setting the connection timeout to a higher value:
download_file(ARPWATCH_ETHERCODES_URL, ARPWATCH_LOCAL_DIR."/ethercodes.dat", true, 10);no such issue with arpwatch 0.2.0 (pfSense 2.4.5, 2.5)
so it can better wait stable 2.4.5
That did the trick! I updated /usr/local/pkg/arpwatch.inc and it looks like it's working. Thanks! Just curious, what is the "true" before the "10" in your updated download command?
Updated by Manuel Piovan about 4 years ago
Samuel: /etc/inc/pfsense-utils.inc: function download_file($url, $destination, $verify_ssl = true, $connect_timeout = 5, $timeout = 0)
maybe they should increase a little the default if other packages is using this function
Updated by Tobias Müllauer about 4 years ago
This is still a issue !!
I have all vendors as unknown.
I fix it and after a while it get broken again.
Using PFsense 2.4.5
Updated by Viktor Gurov about 4 years ago
- Status changed from New to Resolved
Tobias Müllauer wrote:
This is still a issue !!
I have all vendors as unknown.
I fix it and after a while it get broken again.
Using PFsense 2.4.5
This is another issue https://redmine.pfsense.org/issues/10432
and it's resolved