diff -Naru arpwatch-2.1a15.orig/arpwatch.8 arpwatch-2.1a15/arpwatch.8 --- arpwatch-2.1a15.orig/arpwatch.8 2006-09-23 22:19:29.000000000 +0400 +++ arpwatch-2.1a15/arpwatch.8 2006-09-23 22:19:55.000000000 +0400 @@ -92,6 +92,12 @@ [ .B -Q ] +.br +.ti +8 +[ +.B -z +.I ignorenet/ignoremask +] .ad .SH DESCRIPTION .B Arpwatch @@ -206,6 +212,11 @@ .B -Q flags prevents arpwatch from sending reports by mail. (This feature comes from Debian). .LP +The +.B -z +flag is used to set a range of ip addresses to ignore (such as a DHCP +range). Netmask is specified as 255.255.128.0. (This feature comes from Debian). +.LP Note that an empty .I arp.dat file must be created before the first time you run diff -Naru arpwatch-2.1a15.orig/arpwatch.c arpwatch-2.1a15/arpwatch.c --- arpwatch-2.1a15.orig/arpwatch.c 2006-09-23 22:19:29.000000000 +0400 +++ arpwatch-2.1a15/arpwatch.c 2006-09-23 22:19:55.000000000 +0400 @@ -125,6 +125,9 @@ static int nets_ind; static int nets_size; +static struct in_addr ignore_net; +static struct in_addr ignore_netmask; + extern int optind; extern int opterr; extern char *optarg; @@ -189,7 +192,9 @@ "a" "u:" "Q" + "z:" ; + char *tmpptr; if (argv[0] == NULL) prog = "arpwatch"; @@ -207,6 +212,9 @@ interface = NULL; rfilename = NULL; pd = NULL; + + inet_aton("0.0.0.0", &ignore_netmask); + inet_aton("255.255.255.255", &ignore_netmask); while ((op = getopt(argc, argv, options)) != EOF) switch (op) { @@ -263,6 +271,12 @@ ++quiet; break; + case 'z': + tmpptr = strtok(optarg, "/"); + inet_aton(tmpptr, &ignore_net); + tmpptr = strtok(NULL, "/"); + inet_aton(tmpptr, &ignore_netmask); + break; default: usage(); @@ -465,6 +479,14 @@ return; } + /* Ignores the specified netmask/metwork */ + if ((sia & ignore_netmask.s_addr) == ignore_net.s_addr) { + if (debug) { + dosyslog(LOG_INFO, "ignored", sia, sea, sha, interface); + } + return; + } + /* Got a live one */ t = h->ts.tv_sec; can_checkpoint = 0; @@ -830,6 +852,7 @@ "[-a] " "[-u username] " "[-Q ] " + "[-z ignorenet/ignoremask] " "\n" ;