[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ethercodes.dat / oui.txt (Was: Re: arpwatch & systemd)

On 03/27/2017 12:24 AM, Lukas Schwaighofer wrote:
> 22:30:39 +0200 Christian Seiler <christian@iwakd.de> wrote:
> 
>> On 03/26/2017 09:19 PM, Lukas Schwaighofer wrote:
>>> I'm not sure I understand what you mean… should the ethercodes.dat
>>> file be removed / used from a different package?  
>>
>> Yes. See also:
>> https://lintian.debian.org/tags/source-contains-data-from-ieee-data-oui-db.html
>>
>> ieee-data also contains a script that allows the admin to
>> update the listing manually, and other packages can hook into
>> that update process if that's required.
> 
> thanks for clarifying.
> 
> I need to convert the oui.txt database to a different format (the script
> to do that is already available). Two options come to my mind:
> 
> 1. use the maintainer scripts (postinst?) to generate the initial
>    version of the converted database, add a hook for ieee-data to keep
>    it updated

That seems like the most reasonable thing to do.

> 2. check if the database is up to date when the arpwatch service is
>    started by the init system, update it otherwise
> 
> Option 1 seems somewhat cleaner, but if I understand the mechanisms
> correctly, this will only trigger when the admin (or a cron job) calls
> `update-ieee-data`, and not if the ieee-data package gets updated.

Well, you could also add a file-based trigger on
/usr/share/ieee-data/oui.txt.

ieee-data has two directories for the oui.txt file: the packaged
data, which is in /usr/share/ieee-data, and the most up to date
information, which is in /var/lib/ieee-data, and defaults to
symlinks to /usr/share/ieee-data.

So you should always use /var/lib/ieee-data as your data source,
but you can use /usr/share/ieee-data/oui.txt for a file-based
dpkg trigger to hook your postinst script into when ieee-data
itself is updated (but still use the /var/lib dir as the data
source.)

Combine that with the hook into update-ieee-data, and you should
be all set.

I really wouldn't do anything in the init script for this, this
just seems like a waste of reasources, plus if something goes
wrong, the admin will have a hard time debugging it, because there
is not direct temporal adjacency between the update of the
database and the problem occurring.

> The easiest way for me to check if the converted database is up-to-date
> is to depend on the existence of /var/lib/ieee-data/.lastupdate . Is
> that ok?

As far as I understand it, yes.

That said: what do you consider outdated? I've never checked how
often the OUI database changes, but as far as I can tell the
updates happen as needed, not according to a specific schedule.
That means that if nobody requested an update, the database is
not out of date, even if it's old.

What you could do is check the .lastupdate file only if a lookup
fails - and if it's older than a week, display a message. But
that would require direct patching of arpwatch, so the much
simpler solution could be to just add an entry to README.Debian
that tells the user to run update-ieee-data if they want to
have an updated database. Currently the database isn't udpated at
all, so this is already going to be an improvement.

Regards,
Christian
Reply to: