ARP(4) AerieBSD 1.0 Refernce Manual ARP(4)

NAME

arp — Address Resolution Protocol

SYNOPSIS

.Cd "pseudo-device ether"

DESCRIPTION

The Address Resolution Protocol (ARP) is used to dynamically map between Internet host addresses and Ethernet addresses. It is used by all of the Ethernet interface drivers. It is not specific to Internet protocols or to Ethernet, but this implementation currently supports only that combination.

ARP caches Internet-Ethernet address mappings. When an interface requests a mapping for an address not in the cache, ARP queues the message which requires the mapping and broadcasts a message on the associated network requesting the address mapping. If a response is provided, the new mapping is cached and any pending message is transmitted. ARP will queue at most one packet while waiting for a response to a mapping request; only the most recently transmitted packet is kept. If the target host does not respond after several requests, the host is considered to be down for a short period (normally 20 seconds), allowing an error to be returned to transmission attempts during this interval. The error is EHOSTDOWN for a non-responding destination host, and EHOSTUNREACH for a non-responding router.

The ARP cache is stored in the system routing table as dynamically created host routes. The route to a directly attached Ethernet network is installed as a “cloning” route (one with the RTF_CLONING flag set), causing routes to individual hosts on that network to be created on demand. These routes time out periodically (normally 20 minutes after validated; entries are not validated when not in use). An entry for a host which is not responding is a “reject” route (one with the RTF_REJECT flag set).

ARP entries may be added, deleted or changed with the arp(8) utility. Manually added entries may be temporary, static or permanent, and may be “published”, in which case the system will respond to ARP requests for that host as if it were the target of the request. A static entry will not time out, but may be overwritten by network traffic, while a permanent entry will not time out and can not be overwritten.

In the past, ARP was used to negotiate the use of a trailer encapsulation. This is no longer supported.

ARP watches passively for hosts impersonating the local host (i.e., a host which responds to an ARP mapping request for the local host's address).

DIAGNOSTICS

ARP has discovered another host on the local network which responds to mapping requests for its own Internet address with a different Ethernet address, generally indicating that two hosts are attempting to use the same Internet address. An existing route has been overwritten with a new Ethernet address, for example when the other host has changed Ethernet cards. If the route previously was static/non-expiring, the new route will expire normally. As above, but the existing route had been manually set up as permanent. The routing information is not modified. ARP has noticed an attempt to overwrite a host's routing entry on one interface with a routing entry for a different interface. The routing information is not modified. ARP received a response which is a broadcast or multicast address. This might indicate an ARP spoofing attempt. ARP requested information for a host, and received an answer indicating that the host's Ethernet address is the Ethernet broadcast address. This indicates a misconfigured or broken device. ARP requested information for a host, and received an answer indicating that the host's Ethernet address is the Ethernet multicast address. This indicates a misconfigured or broken device. This usually indicates there is more than one interface connected to the same hub, or that the networks have somehow been short-circuited (e.g. IPs that should have been present on interface one are present on interface two). An IP received on the interface does not match the network/netmask of the interface. This indicates a netmask problem.

SEE ALSO

inet(4), route(4), arp(8), ifconfig(8), route(8)

.Rs .%A Plummer, D. .%B "An Ethernet Address Resolution Protocol" .%T RFC 826 .Re .Rs .%A Karels, M.J. .%A Leffler, S.J. .%B Trailer Encapsulations .%T RFC 893 .Re


AerieBSD 1.0 Reference Manual August 26 2008 ARP(4)