1.\" $OpenBSD: arp.4,v 1.19 2007/05/31 19:20:22 jmc Exp $ 2.\" $NetBSD: arp.4,v 1.2 1995/03/01 11:50:56 chopps Exp $ 3.\" 4.\" Copyright (c) 1985, 1986, 1988, 1994 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" from: @(#)arp4.4 6.5 (Berkeley) 4/18/94 32.\" 33.Dd $Mdocdate: May 31 2007 $ 34.Dt ARP 4 35.Os 36.Sh NAME 37.Nm arp 38.Nd Address Resolution Protocol 39.Sh SYNOPSIS 40.Cd "pseudo-device ether" 41.Sh DESCRIPTION 42The Address Resolution Protocol (ARP) is used to dynamically 43map between Internet host addresses and Ethernet addresses. 44It is used by all of the Ethernet interface drivers. 45It is not specific to Internet protocols or to Ethernet, 46but this implementation currently supports only that combination. 47.Pp 48ARP caches Internet-Ethernet address mappings. 49When an interface requests a mapping for an address not in the cache, 50ARP queues the message which requires the mapping and broadcasts 51a message on the associated network requesting the address mapping. 52If a response is provided, the new mapping is cached and any pending 53message is transmitted. 54ARP will queue at most one packet while waiting for a response to a 55mapping request; 56only the most recently transmitted packet is kept. 57If the target host does not respond after several requests, 58the host is considered to be down for a short period (normally 20 seconds), 59allowing an error to be returned to transmission attempts during this 60interval. 61The error is 62.Li EHOSTDOWN 63for a non-responding destination host, and 64.Li EHOSTUNREACH 65for a non-responding router. 66.Pp 67The ARP cache is stored in the system routing table as 68dynamically created host routes. 69The route to a directly attached Ethernet network is installed as a 70.Dq cloning 71route (one with the 72.Li RTF_CLONING 73flag set), 74causing routes to individual hosts on that network to be created on 75demand. 76These routes time out periodically (normally 20 minutes after validated; 77entries are not validated when not in use). 78An entry for a host which is not responding is a 79.Dq reject 80route (one with the 81.Li RTF_REJECT 82flag set). 83.Pp 84ARP entries may be added, deleted or changed with the 85.Xr arp 8 86utility. 87Manually added entries may be temporary, static or permanent, 88and may be 89.Dq published , 90in which case the system will respond to ARP requests for that host 91as if it were the target of the request. 92A static entry will not 93time out, but may be overwritten by network traffic, while a permanent 94entry will not time out and can not be overwritten. 95.Pp 96In the past, 97ARP was used to negotiate the use of a trailer encapsulation. 98This is no longer supported. 99.Pp 100ARP watches passively for hosts impersonating the local host (i.e., a host 101which responds to an ARP mapping request for the local host's address). 102.Sh DIAGNOSTICS 103.Bl -diag 104.It "duplicate IP address %x!! sent from ethernet address: %x:%x:%x:%x:%x:%x" 105ARP has discovered another host on the local network which responds to 106mapping requests for its own Internet address with a different Ethernet 107address, generally indicating that two hosts are attempting to use the 108same Internet address. 109.It "arp info overwritten for %x!! by %x:%x:%x:%x:%x:%x on %x" 110An existing route has been overwritten with a new Ethernet address, for 111example when the other host has changed Ethernet cards. 112If the route 113previously was static/non-expiring, the new route will expire normally. 114.It "arp: attempt to overwrite permanent entry for %x!! by %x:%x:%x:%x:%x:%x on %x" 115As above, but the existing route had been manually set up as permanent. 116The routing information is not modified. 117.It "arp: attempt to overwrite entry for %x!! on %x by %x:%x:%x:%x:%x:%x on %x" 118ARP has noticed an attempt to overwrite a host's routing entry on one 119interface with a routing entry for a different interface. 120The routing information is not modified. 121.It "arp: received reply to broadcast or multicast address" 122ARP received a response which is a broadcast or multicast address. 123This might indicate an ARP spoofing attempt. 124.It "arp: ether address is broadcast for IP address %s!" 125ARP requested information for a host, and received an answer indicating that 126the host's Ethernet address is the Ethernet broadcast address. 127This indicates a misconfigured or broken device. 128.It "arp: ether address is multicast for IP address %s!" 129ARP requested information for a host, and received an answer indicating that 130the host's Ethernet address is the Ethernet multicast address. 131This indicates a misconfigured or broken device. 132.It "arp: attempt to add entry for %s on %s by %s on %s" 133This usually indicates there is more than one interface 134connected to the same hub, 135or that the networks have somehow been short-circuited 136(e.g. IPs that should have been present on interface one 137are present on interface two). 138.It "arplookup: unable to enter address for %s" 139An IP received on the interface does not match the network/netmask 140of the interface. 141This indicates a netmask problem. 142.El 143.Sh SEE ALSO 144.Xr inet 4 , 145.Xr route 4 , 146.Xr arp 8 , 147.Xr ifconfig 8 , 148.Xr route 8 149.Pp 150.Rs 151.%A Plummer, D. 152.%B "An Ethernet Address Resolution Protocol" 153.%T RFC 826 154.Re 155.Rs 156.%A Karels, M.J. 157.%A Leffler, S.J. 158.%B Trailer Encapsulations 159.%T RFC 893 160.Re 161