Bug #10261

closed

Arpwatch fails to download ethercodes.dat

Added by Samuel Scheetz over 4 years ago. Updated over 4 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: arpwatch
Target version: -
Start date: 02/14/2020
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture: All

Description

I noticed that the Ethernet vendor field in arpwatch alerts is always unknown even though the update vendors option is checked under services > arpwatch. I have selected my internal interfaces, the update vendors option is the only box checked, and an email address is set up and working. I noticed the error "php-fpm 362 /rc.start_packages: Download file failed with status code 0. URL: http://linuxnet.ca/ieee/oui/ethercodes.dat" in the general log. I have tried putting the ethercodes.dat in /usr/local/arpwatch manually but it disappears after a period of time (presumably as part of the process to update it). I also reinstalled the arpwatch package, which did not help. I can download the file from a shell on the pfSense box just fine with "/usr/bin/fetch -q -o /usr/local/arpwatch http://linuxnet.ca/ieee/oui/ethercodes.dat", so I know the connectivity is there. I do not know enough about the inner workings of pfSense and BSD to dig much deeper, but I feel this is a bug so I am logging it here.

Actions #1

Updated by Samuel Scheetz over 4 years ago

This is version 2.4.4-RELEASE-p3 (arm64)

Actions #2

Updated by Samuel Scheetz over 4 years ago

I have a workaround in place which involves disabling the update vendors option and using cron to run the command below on a schedule. Seems to be working fine like this. Should not be necessary though.

/usr/bin/fetch -q -o /usr/local/arpwatch http://linuxnet.ca/ieee/oui/ethercodes.dat
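
The cron workaround above, written out as a script (an added example, not part of the ticket or of the pfSense arpwatch package): it downloads to a temporary file with an explicit timeout and replaces ethercodes.dat only when the download looks like a vendor table, so a failed fetch leaves the current file in place. The line format, the 1000-entry floor, the 30-second timeout and the function names are assumptions; the URL and directory are the ones quoted in the ticket.

```shell
#!/bin/sh
# Added example: cron-friendly updater for arpwatch's vendor table.
ETHERCODES_URL="http://linuxnet.ca/ieee/oui/ethercodes.dat"   # URL from the ticket
ETHERCODES_DEST="/usr/local/arpwatch/ethercodes.dat"          # directory from the ticket
MIN_ENTRIES="${MIN_ENTRIES:-1000}"   # assumed sanity floor for a complete table

# Assumed entry format: OUI as three colon-separated hex groups, whitespace, vendor.
ENTRY_RE='^[0-9A-Fa-f]{1,2}(:[0-9A-Fa-f]{1,2}){2}[[:space:]]+[^[:space:]]'

# count_entries FILE: print how many lines look like vendor entries.
count_entries() {
    grep -Ec "$ENTRY_RE" "$1" || true   # grep exits 1 on zero matches
}

# install_ethercodes CANDIDATE DEST: replace DEST only if CANDIDATE passes the
# shape check. The URL is plain HTTP, so the content is unauthenticated and a
# truncated or substituted body must not overwrite the working file.
install_ethercodes() {
    candidate=$1
    dest=$2
    [ -s "$candidate" ] || { echo "rejected: empty download" >&2; return 1; }
    n=$(count_entries "$candidate")
    if [ "$n" -lt "$MIN_ENTRIES" ]; then
        echo "rejected: only $n vendor entries" >&2
        return 1
    fi
    chmod 644 "$candidate"
    mv -f "$candidate" "$dest"   # rename within one directory is atomic
}

# update_ethercodes: fetch into a temp file beside the destination, then install.
update_ethercodes() {
    tmp=$(mktemp "${ETHERCODES_DEST}.XXXXXX") || return 1
    # -T 30 sets fetch's timeout in seconds (assumed value).
    if /usr/bin/fetch -q -T 30 -o "$tmp" "$ETHERCODES_URL" &&
       install_ethercodes "$tmp" "$ETHERCODES_DEST"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Only touch the network when asked to, e.g. from cron: script.sh --update
if [ "${1:-}" = "--update" ]; then update_ethercodes; fi
```
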
Actions #3

Updated by Jim Pingle over 4 years ago

  • Category set to arpwatch
  • Affected Architecture All added
  • Affected Architecture deleted (SG-1100)
Actions #4

Updated by Viktor Gurov over 4 years ago

This is caused by the default connection timeout (5s) of download_file() in arpwatch.inc:

function arpwatch_update_vendors() {
        download_file(ARPWATCH_ETHERCODES_URL, ARPWATCH_LOCAL_DIR."/ethercodes.dat");
}

It can be fixed by setting the connection timeout to a higher value:
download_file(ARPWATCH_ETHERCODES_URL, ARPWATCH_LOCAL_DIR."/ethercodes.dat", true, 10);

There is no such issue with arpwatch 0.2.0 (pfSense 2.4.5, 2.5),
so this can wait for stable 2.4.5.

Actions #5

Updated by Samuel Scheetz over 4 years ago

Viktor Gurov wrote:

This is caused by the default connection timeout (5s) of download_file() in arpwatch.inc:
[...]

It can be fixed by setting the connection timeout to a higher value:
download_file(ARPWATCH_ETHERCODES_URL, ARPWATCH_LOCAL_DIR."/ethercodes.dat", true, 10);

There is no such issue with arpwatch 0.2.0 (pfSense 2.4.5, 2.5),
so this can wait for stable 2.4.5.

That did the trick! I updated /usr/local/pkg/arpwatch.inc and it looks like it's working. Thanks! Just curious, what is the "true" before the "10" in your updated download command?

Actions #6

Updated by Manuel Piovan over 4 years ago

Samuel: /etc/inc/pfsense-utils.inc: function download_file($url, $destination, $verify_ssl = true, $connect_timeout = 5, $timeout = 0)

Maybe they should increase the default a little if other packages are using this function.

Actions #7

Updated by Tobias Müllauer over 4 years ago

This is still an issue!!

I have all vendors as unknown.

I fix it and after a while it gets broken again.

Using pfSense 2.4.5

Actions #8

Updated by Viktor Gurov over 4 years ago

  • Status changed from New to Resolved

Tobias Müllauer wrote:

This is still an issue!!

I have all vendors as unknown.

I fix it and after a while it gets broken again.

Using pfSense 2.4.5

This is another issue https://redmine.pfsense.org/issues/10432
and it's resolved
