--- ../arpwatch.orig/report.c	Sat Sep 30 19:41:10 2000
+++ ./report.c	Fri Sep 12 18:57:04 2003
@@ -45,6 +45,8 @@

 #include <ctype.h>
 #include <errno.h>
+#include <fcntl.h>
+#include <paths.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -70,6 +72,8 @@

 #define PLURAL(n) ((n) == 1 || (n) == -1 ? "" : "s")

+extern char *Watcher;
+
 static int cdepth;	/* number of outstanding children */

 static char *fmtdate(time_t);
@@ -232,15 +236,16 @@
 }

 void
-report(register char *title, register u_int32_t a, register u_char *e1,
-    register u_char *e2, register time_t *t1p, register time_t *t2p)
+report(evt_type event, register u_int32_t a, register u_char *e1,
+    register u_char *e2, register time_t *t1p, register time_t *t2p,
+    register char *interface, register char *old_interface)
 {
 	register char *cp, *hn;
 	register int fd, pid;
 	register FILE *f;
 	char tempfile[64], cpu[64], os[64];
 	char *fmt = "%20s: %s\n";
-	char *watcher = WATCHER;
+	char *watcher = Watcher ? Watcher : WATCHER;
 	char *watchee = WATCHEE;
 	char *sendmail = PATH_SENDMAIL;
 	char *unknown = "<unknown>";
@@ -251,9 +256,15 @@
 	if (initializing)
 		return;

+	/* these types are sent to syslog instead of reported on.
+	 * only continue if there are other events as well
+	 */
+	if (event == NULL || (event & ~(IP_ETHER_REUSE | FLIPFLOP_DECNET) == 0))
+	  return;
+
 	if (debug) {
 		if (debug > 1) {
-			dosyslog(LOG_NOTICE, title, a, e1, e2);
+			dosyslog(LOG_NOTICE, "event", a, e1, e2);
 			return;
 		}
 		f = stdout;
@@ -270,7 +281,7 @@
 		}

 		/* Syslog this event too */
-		dosyslog(LOG_NOTICE, title, a, e1, e2);
+		dosyslog(LOG_NOTICE, "event", a, e1, e2);

 		/* Update child depth */
 		++cdepth;
@@ -304,12 +315,31 @@
 	(void)fprintf(f, "To: %s\n", watcher);
 	hn = gethname(a);
 	if (!isdigit(*hn))
-		(void)fprintf(f, "Subject: %s (%s)\n", title, hn);
+		(void)fprintf(f, "Subject: Arpwatch Event (%s)\n", hn);
 	else {
-		(void)fprintf(f, "Subject: %s\n", title);
+		(void)fprintf(f, "Subject: Arpwatch Event\n");
 		hn = unknown;
 	}
 	(void)putc('\n', f);
+
+	if (event & ETHER_NEW)
+	  (void)fprintf(f, fmt, "event", "new ethernet device");
+	if (event & ETHER_IFCHG)
+	  (void)fprintf(f, fmt, "event", "ethernet device changed interfaces");
+	if (event & ACTIVITY_NEW)
+	  (void)fprintf(f, fmt, "event", "new activity");
+	if (event & IP_NEW)
+	  (void)fprintf(f, fmt, "event", "new active IP address");
+	if (event & IP_ETHERCHG)
+	  (void)fprintf(f, fmt, "event", "IP changed ethernet address");
+	if (event & FLIPFLOP)
+	  (void)fprintf(f, fmt, "event", "flip flop");
+
+	(void)fprintf(f, fmt, "interface", interface);
+
+	if (old_interface != NULL)
+	  (void)fprintf(f, fmt, "old interface", old_interface);
+
 	(void)fprintf(f, fmt, "hostname", hn);
 	(void)fprintf(f, fmt, "ip address", intoa(a));
 	(void)fprintf(f, fmt, "ethernet address", e2str(e1));
@@ -344,6 +374,25 @@
 		exit(1);
 	}
 	/* XXX Need to freopen()? */
+
+	/*
+	 * Open /dev/null as stdout and stderr so that sendmail 8.12.1 (and
+	 * above ?) won't complain about missing file descriptors.
+	 */
+	if ((fd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+		syslog(LOG_ERR, "Cannot open %s: %m", _PATH_DEVNULL);
+		exit(1);
+	}
+	if (dup2(fd, STDOUT_FILENO) == -1) {
+		syslog(LOG_ERR, "Cannot dup2 %s to stdout: %m", _PATH_DEVNULL);
+		exit(1);
+	}
+	if (dup2(fd, STDERR_FILENO) == -1) {
+		syslog(LOG_ERR, "Cannot dup2 %s to stderr: %m", _PATH_DEVNULL);
+		exit(1);
+	}
+	close(fd);
+
 	/* Always Deliver interactively (pause when child depth gets large) */
 	execl(sendmail, "sendmail", "-odi", watcher, NULL);
 	syslog(LOG_ERR, "execl: %s: %m", sendmail);