Project

General

Profile

Bug #10261

Arpwatch fails to download ethercodes.dat

Added by Samuel Scheetz 5 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
arpwatch
Target version:
-
Start date:
02/14/2020
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:
All

Description

I noticed that the ethernet vendor field in arpwatch alerts is always unknown even though the update vendors option is checked under services > arpwatch. I have selected my internal interfaces and the update vendors option is the only box checked and an email address setup and working. I noticed the error "php-fpm 362 /rc.start_packages: Download file failed with status code 0. URL: http://linuxnet.ca/ieee/oui/ethercodes.dat" in the general log. I have tried putting the ethercodes.dat in /usr/local/arpwatch manually but it disappears after a period of time (presumably as part of the process to update it). I also reinstalled the arpwatch package which did not help. I can download the file from a shell on the pfSense box just fine "/usr/bin/fetch -q -o /usr/local/arpwatch http://linuxnet.ca/ieee/oui/ethercodes.dat" so I know the connectivity is there. I do not know enough about the inner workings of pfSense and BSD to dig much deeper but I feel this is a bug so I am logging it here.

History

#1 Updated by Samuel Scheetz 5 months ago

This is version 2.4.4-RELEASE-p3 (arm64)

#2 Updated by Samuel Scheetz 5 months ago

I have a workaround in place which involves disabling the update vendors option and using cron to run the command below on a schedule. Seems to be working fine like this. Should not be necessary though.

/usr/bin/fetch -q -o /usr/local/arpwatch http://linuxnet.ca/ieee/oui/ethercodes.dat

#3 Updated by Jim Pingle 5 months ago

  • Category set to arpwatch
  • Affected Architecture All added
  • Affected Architecture deleted (SG-1100)

#4 Updated by Viktor Gurov 5 months ago

this is caused by the default connection timeout (5s) of the download_file() in arpwatch.inc:

function arpwatch_update_vendors() {
        download_file(ARPWATCH_ETHERCODES_URL, ARPWATCH_LOCAL_DIR."/ethercodes.dat");
}

can be fixed by setting the connection timeout to a higher value:
download_file(ARPWATCH_ETHERCODES_URL, ARPWATCH_LOCAL_DIR."/ethercodes.dat", true, 10);

no such issue with arpwatch 0.2.0 (pfSense 2.4.5, 2.5)
so it can better wait stable 2.4.5

#5 Updated by Samuel Scheetz 5 months ago

Viktor Gurov wrote:

this is caused by the default connection timeout (5s) of the download_file() in arpwatch.inc:
[...]

can be fixed by setting the connection timeout to a higher value:
download_file(ARPWATCH_ETHERCODES_URL, ARPWATCH_LOCAL_DIR."/ethercodes.dat", true, 10);

no such issue with arpwatch 0.2.0 (pfSense 2.4.5, 2.5)
so it can better wait stable 2.4.5

That did the trick! I updated /usr/local/pkg/arpwatch.inc and it looks like it's working. Thanks! Just curious, what is the "true" before the "10" in your updated download command?

#6 Updated by Manuel Piovan 5 months ago

Samuel: /etc/inc/pfsense-utils.inc: function download_file($url, $destination, $verify_ssl = true, $connect_timeout = 5, $timeout = 0)

maybe they should increase a little the default if other packages is using this function

#7 Updated by Tobias Müllauer 3 months ago

This is still a issue !!

I have all vendors as unknown.

I fix it and after a while it get broken again.

Using PFsense 2.4.5

#8 Updated by Viktor Gurov 3 months ago

  • Status changed from New to Resolved

Tobias Müllauer wrote:

This is still a issue !!

I have all vendors as unknown.

I fix it and after a while it get broken again.

Using PFsense 2.4.5

This is another issue https://redmine.pfsense.org/issues/10432
and it's resolved

Also available in: Atom PDF