<!doctype linuxdoc system>

<article>

<title>ARPD Daemon
<author>Alexey Kuznetsov, <tt/kuznet@ms2.inr.ac.ru/
<date>some_negative_number, 20 Sep 2001
<abstract>
<tt/arpd/ is a daemon that collects gratuitous ARP information, saves
it on local disk and feeds it to the kernel on demand, to avoid
redundant broadcasting caused by the limited size of the kernel ARP cache.
</abstract>


<p><bf/Description/

<p>The format of the command is:

<tscreen><verb>
       arpd OPTIONS [ INTERFACE [ INTERFACE ... ] ]
</verb></tscreen>

<p> <tt/OPTIONS/ are:

<itemize>

<item><tt/-l/ - dump the <tt/arpd/ database to stdout and exit. The output consists
of three columns: interface index, IP address and MAC address.
Negative entries for dead hosts are also shown; in this case the MAC address
is replaced by the word <tt/FAILED/ followed by a colon and the time when the
host was last proven to be dead.

<item><tt/-f FILE/ - read and load the <tt/arpd/ database from <tt/FILE/
in a text format similar to that dumped by option <tt/-l/. Exit after loading,
possibly listing the resulting database, if option <tt/-l/ is also given.
If <tt/FILE/ is <tt/-/, <tt/stdin/ is read to get the ARP table.

<item><tt/-b DATABASE/ - location of the database file. The default location is
<tt>/var/lib/arpd/arpd.db</tt>.

<item><tt/-a NUMBER/ - <tt/arpd/ not only passively listens to ARP on the wire, but
also sends broadcast queries itself. <tt/NUMBER/ is the number of such queries
to make before the destination is considered dead. When <tt/arpd/ is started
as a kernel helper (i.e. with <tt/app_solicit/ enabled in <tt/sysctl/
or even with option <tt/-k/) without this option and has not yet learned enough
information, you can observe 1 second gaps in service. Not fatal, but
not good.

<item><tt/-k/ - suppress sending of broadcast queries by the kernel. It makes
sense together with option <tt/-a/.

<item><tt/-n TIME/ - timeout of the negative cache.
When resolution fails, <tt/arpd/
suppresses further attempts to resolve for this period. It makes sense
only together with option <tt/-k/. This timeout should not be much
longer than the boot time of a typical host that does not support gratuitous ARP.
The default value is 60 seconds.

<item><tt/-R RATE/ - maximal steady rate of broadcasts sent by <tt/arpd/,
in packets per second. The default value is 1.

<item><tt/-B NUMBER/ - number of broadcasts sent by <tt/arpd/ back to back.
The default value is 3. Together with option <tt/-R/, this option allows
policing broadcasting so that it does not exceed <tt/B+R*T/ over any interval
of time <tt/T/.

</itemize>

<p><tt/INTERFACE/ is the name of a networking interface to watch.
If no interfaces are given, <tt/arpd/ monitors all interfaces.
In this case <tt/arpd/ does not adjust <tt/sysctl/ parameters;
the user is expected to do this himself after <tt/arpd/ is started.


<p><bf/Signals/

<p> <tt/arpd/ exits gracefully, syncing the database and restoring adjusted
<tt/sysctl/ parameters, when it receives <tt/SIGINT/ or <tt/SIGTERM/.
<tt/SIGHUP/ syncs the database to disk. <tt/SIGUSR1/ sends some statistics
to <tt/syslog/. The effect of other signals is undefined; they may corrupt
the database and leave <tt/sysctl/ parameters in an unpredictable state.

<p><bf/Note/

<p> For <tt/arpd/ to be able to serve as an ARP resolver, the kernel must be
compiled with the option <tt/CONFIG_ARPD/ and, when the interface list
is not given on the command line, the variable <tt/app_solicit/
on the interfaces of interest should be set in <tt>/proc/sys/net/ipv4/neigh/*</tt>.
If this is not done, <tt/arpd/ still collects gratuitous ARP information
in its database.
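
<p> The <tt/B+R*T/ bound stated for options <tt/-R/ and <tt/-B/ is the bound a token bucket of depth B and refill rate R enforces. The C sketch below is an added example, not code from <tt/arpd/ (whether <tt/arpd/ polices this way internally is an assumption); it runs such a bucket with the default values against a constructed load of one request every 10 ms, and the names <tt/bucket_allow/, <tt/simulate/ and <tt/worst_window/ are hypothetical.

```c
#include <stdio.h>

/* Token bucket (illustrative, not arpd's code); fill kept in 1/1000 token. */
struct bucket {
    long burst;    /* B: broadcasts allowed back to back (-B) */
    long rate;     /* R: steady broadcasts per second (-R) */
    long mtokens;  /* current fill, in 1/1000 token */
    long last_ms;  /* time of the previous update, in ms */
};

/* Returns 1 if a broadcast may go out at now_ms, 0 if it must be held. */
static int bucket_allow(struct bucket *b, long now_ms)
{
    long cap = b->burst * 1000;
    b->mtokens += (now_ms - b->last_ms) * b->rate;  /* R tok/s == R mtok/ms */
    if (b->mtokens > cap) b->mtokens = cap;
    b->last_ms = now_ms;
    if (b->mtokens < 1000) return 0;
    b->mtokens -= 1000;
    return 1;
}

/* Offer one request every step_ms (constructed load); record send times. */
static int simulate(long burst, long rate, long step_ms, long total_ms,
                    long *sent, int max)
{
    struct bucket b = { burst, rate, burst * 1000, 0 };  /* starts full */
    int n = 0;
    for (long t = 0; t < total_ms && n < max; t += step_ms)
        if (bucket_allow(&b, t)) sent[n++] = t;
    return n;
}

/* Largest number of sends that fall in any closed window of win_ms. */
static int worst_window(const long *sent, int n, long win_ms)
{
    int worst = 0;
    for (int i = 0, j = 0; i < n; i++) {
        while (j < n && sent[j] - sent[i] <= win_ms) j++;
        if (j - i > worst) worst = j - i;
    }
    return worst;
}

int main(void)
{
    long sent[256];
    int n = simulate(3, 1, 10, 10000, sent, 256);  /* defaults: -B 3 -R 1 */
    printf("sent=%d worst(T=2s)=%d bound B+R*T=%d\n",
           n, worst_window(sent, n, 2000), 3 + 1 * 2);
    return 0;
}
```

<p> With the defaults the first three requests go out back to back, after which one is released per second, so the busiest 2 second window carries exactly <tt/B+R*T/ = 5 broadcasts.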

<p><bf/Examples/

<enum>
<item> Start <tt/arpd/ to collect gratuitous ARP, without interfering
with kernel functionality:

<tscreen><verb>
   arpd -b /var/tmp/arpd.db
</verb></tscreen>

<item> Look at the result after some time:

<tscreen><verb>
   killall arpd
   arpd -l -b /var/tmp/arpd.db
</verb></tscreen>

<item> Enable the kernel helper, leaving the leading role to the kernel:

<tscreen><verb>
   arpd -b /var/tmp/arpd.db -a 1 eth0 eth1
</verb></tscreen>

<item> Completely replace kernel resolution on interfaces <tt/eth0/
and <tt/eth1/. In this case the kernel still does unicast probing to
validate entries, but all broadcast activity is suppressed
and carried out under the authority of <tt/arpd/:

<tscreen><verb>
   arpd -b /var/tmp/arpd.db -a 3 -k eth0 eth1
</verb></tscreen>

This is the mode in which <tt/arpd/ is supposed to work normally.
It is not the default, just to prevent accidental enabling of a too
aggressive mode.

</enum>

</article>