On Tue, Feb 24, 2026 at 09:00:27AM +0100, Renaud Allard wrote:
> Hello,
>
> Here is a new port for neighbot.
>
> This is a network neighbor monitoring daemon.
>
> It acts about the same as arpwatch but has some key differences:
> - Support for IPv6 via NDP
> - Active probing — distinguishes "device moved" from "device has multiple
> IPs" by probing old addresses
> - Multi-interface in one process
> - Bogon detection which can flag IPs outside local subnets
> - Uses pledge and unveil after dropping privileges
>
> It needs its own user in /usr/ports/infrastructure/db/user.list:
> 904 _neighbot _neighbot net/neighbot
>
> The OUI file is deliberately fetched at make time because it could change
> and build would break because of a change with older distinfo. But if you
> have another idea, I am open.
Hi,
I've been looking for something able to handle IPv6 in a clever way.
neighbot may not be the one. It reports 'bogon's for all link-local
addresses, including the one of the host running neighbot...
hostname: <unknown>
ip address: fe80::7490:5ff:fexx:xxxx (redacted)
ethernet address: 76:90:05:xx:xx:xx (redacted)
ethernet vendor: <unknown>
interface: vlan4
timestamp: Tuesday, February 24, 2026 10:45:44 +0100
Otherwise, it looks ok to me port wise.
--
Matthieu Herrb
