ARP cache failed #87
Comments
|
This appears to be the same issue: DHCP lease renewed with new lease of 43200 seconds It is running on Ubuntu 12.04.4. Please let me know if this can be resolved. |
|
dwebber, I would reinstall Honeyd. Did that fix the issue? |
|
I had just reinstalled, so no that does not fix the issue. Same error again today. The 1st line above regarding dhcp renewal appears to have nothing to do with the error. Please advise. From: DarkmatterVale [mailto:[email protected]] dwebber, I would reinstall Honeyd. Did that fix the issue? — |
|
I would check that you don't have duplicate MACs for nodes, and I'd also try and clear your/your router's ARP cache to see if that fixes the issue. |
|
I have another installation running fine using only 1 listening interface (settings -> Ethernet Interface). On the install in question, I’m running on multiple interfaces but the UI does not allow to select only 2 out of the 4 interfaces on the system. The UI either forces only 1 or all 4. Issue is noticed when running on all 4 interfaces. Is there a way to manually set the listing interfaces to only 2 or 3 of the 4? Resolving this will at least allow me to determine if it is interface specific. From: Addison Waldow [mailto:[email protected]] I would check that you don't have duplicate MACs for nodes, and I'd also try and clear your/your router's ARP cache to see if that fixes the issue. — |
|
I would think it would be easier to determine if there's an interface specific issue by doing them one at a time. But that won't really help, as you have discovered a bug wherein only the last interface of the selected ones is actually saved. I will open a new ticket for this. |
|
While it is not saved via the interface, can this be set in a config file somewhere? If yes, where is the config file? From: Addison Waldow [mailto:[email protected]] I would think it would be easier to determine if there's an interface specific issue by doing them one at a time. But that won't really help, as you have discovered a bug wherein only the last interface of the selected ones is actually saved. I will open a new ticket for this. — |
|
I believe that if you change the value of the INTERFACE variable in the NOVAConfig.txt file this will satisfy your needs. This value is loaded on init, so you'll have to restart. But you should get by with a space delimited list (i.e. INTERFACES eth0 eth2 eth3) |
|
Can you select individual interfaces in the node that works? This would tell you if it is just a single node issue, or overall issue. |
|
Yes, but I already have a different install running on a single interface without issue. I believe the issue may occur with multiple interfaces. I changed the INTERFACE variable on NOVAConfig.txt to listen to more than one interface and I’m testing now. If it runs through the weekend we should be good. Note, even though it is listening to 2 interfaces, per the IPs specified on the Nodes tab, Settings only checks the 1st interface specified in the NOVAConfig.txt file. From: DarkmatterVale [mailto:[email protected]] Can you select individual interfaces in the node that works? — |
|
awaldow, is their any way to force the starting of the interfaces? One that is not permanent, but works only in that instance, or session |
|
What do you mean DV? |
|
Is there any way to start the interfaces without going through the UI? Because then we could try to start just the 1st and the 2nd interfaces, and see if the issue still occurs. Do you see what I am saying? This would just help narrow down the problem |
|
Just as a note, the interface start per the NOVAConfig.txt file. It is just not reflected accurately in the UI. From: Addison Waldow [mailto:[email protected]] What do you mean DV? — |
|
Ok, thanks. Sorry, but I am not as technically adept as awaldow is in this. |
|
Is there anyway to put logging around this error? honeyd: config.c:721: template_remove_arp: Assertion 'arp ! = ((void*)0)' failed. This is still occurring when running on multiple interfaces. Could there be an issue with separate DHCP servers, one for each interface? |
|
Please advise. |
|
It's an assertion so it's supposed to error out when that expression fails. Which means there is some issue with your setup regarding ARP. Could be the same MAC on two different interfaces, could be some connection/router issue with its ARP table. I |
|
Have you tried running your device at a different location? |
|
Is there a log or way to further log this issue? The information provided does not give a lot of information. For example, if it is a MAC issue, knowing which MAC address is causing the issue would help. I’ve run this on a on another machine with the same results. |
Nova user received the following error:
Expiring OS fingerprint for xxx.xxx.xx.xx
honeyd: config.c:721: template_remove_arp: Assertion 'arp ! = ((void*)0)' failed.
Failed to start Haystack
It seems like the honeyd ARP table is being asked for a value that it does not have – so it fails to start the haystack. Honeyd’s ARP mechanisms were never developed by the honeyd project to mirror the ARP caching on Linux. We have identified some differences in this on one of the issues in the Github issue list for honeyd: (see issue #44)
#44
If the user can re-start honeyd and it does not happen again then we can assume it is a caching behavior. If the error can be re-produced, it becomes a issue that we need to investigate further. Please comment if others have seen this issue.
The text was updated successfully, but these errors were encountered: