main/arpwatch/10_all_arpwatch-2.1a15-ignore-net.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

diff -Naru arpwatch-2.1a15.orig/arpwatch.8 arpwatch-2.1a15/arpwatch.8
--- arpwatch-2.1a15.orig/arpwatch.8	2006-09-23 22:19:29.000000000 +0400
+++ arpwatch-2.1a15/arpwatch.8	2006-09-23 22:19:55.000000000 +0400
@@ -92,6 +92,12 @@
 [
 .B -Q
 ]
+.br
+.ti +8
+[
+.B -z
+.I ignorenet/ignoremask
+]
 .ad
 .SH DESCRIPTION
 .B Arpwatch
@@ -206,6 +212,11 @@
 .B -Q
 flags prevents arpwatch from sending reports by mail. (This feature comes from Debian).
 .LP
+The
+.B -z
+flag is used to set a range of ip addresses to ignore (such as a DHCP
+range). Netmask is specified as 255.255.128.0. (This feature comes from Debian).
+.LP
 Note that an empty
 .I arp.dat
 file must be created before the first time you run
diff -Naru arpwatch-2.1a15.orig/arpwatch.c arpwatch-2.1a15/arpwatch.c
--- arpwatch-2.1a15.orig/arpwatch.c	2006-09-23 22:19:29.000000000 +0400
+++ arpwatch-2.1a15/arpwatch.c	2006-09-23 22:19:55.000000000 +0400
@@ -125,6 +125,9 @@
 static int nets_ind;
 static int nets_size;
 
+static struct in_addr ignore_net;
+static struct in_addr ignore_netmask;
+
 extern int optind;
 extern int opterr;
 extern char *optarg;
@@ -189,7 +192,9 @@
 		"a"
 		"u:"
 		"Q"
+		"z:"
 	;
+	char *tmpptr;
 
 	if (argv[0] == NULL)
 		prog = "arpwatch";
@@ -207,6 +212,9 @@
 	interface = NULL;
 	rfilename = NULL;
 	pd = NULL;
+	
+	inet_aton("0.0.0.0", &ignore_netmask);
+	inet_aton("255.255.255.255", &ignore_netmask);
 	while ((op = getopt(argc, argv, options)) != EOF)
 		switch (op) {
 
@@ -263,6 +271,12 @@
 			++quiet;
 			break;
 
+		case 'z':
+			tmpptr = strtok(optarg, "/");
+			inet_aton(tmpptr, &ignore_net);
+			tmpptr = strtok(NULL, "/");
+			inet_aton(tmpptr, &ignore_netmask);
+			break;
 
 		default:
 			usage();
@@ -465,6 +479,14 @@
 		return;
 	}
 
+	/* Ignores the specified netmask/metwork */
+	if ((sia & ignore_netmask.s_addr) == ignore_net.s_addr) {
+		if (debug) {
+			dosyslog(LOG_INFO, "ignored", sia, sea, sha, interface);
+		}
+		return;
+	}
+
 	/* Got a live one */
 	t = h->ts.tv_sec;
 	can_checkpoint = 0;
@@ -830,6 +852,7 @@
 		"[-a] "
 		"[-u username] "
 		"[-Q ] "
+		"[-z ignorenet/ignoremask] "
 		"\n"
 	;