Luci routes from the CLI?

Bernd_Wechner · June 2, 2017, 1:45am

LuCI has a nice page at:

cgi-bin/luci/admin/status/routes

which shows routes. It seems to identify all the devices on my LAN, attached to WAPS or wired in quite well.

I’d like to know how to get this same information via the CLI? And ideally how to see it with an extra column being the name of the device if it happens to be identifiable (for example if it’s an active DHCP lease there’s a name in /tmp/dhcp.leases.

I’ve looked pretty hard and am snowed under with info alas around routing and commands but have not found how to replicate these nice tables, and wonder if there is a place I can see how LuCI is collecting such data too?

adminX · June 2, 2017, 5:52am

The LuCI template for this page can be found in /usr/lib/lua/luci/view/admin_status/routes.htm

A shell-script doing about the same but not so fancy could be:

#!/bin/sh

for dev in $(tail -n+3 /proc/net/dev | cut -f1 -d: | grep -v '^ \+\(lo\|wg\|ppp.\+\)$')
do
        echo "==== known hosts for $dev ===="
        grep "^.\{72\}$dev\$" /proc/net/arp | while read ip hwtype flags mac mask dev
        do
                printf "%-15s %-17s " $ip $mac
                (grep "^[0-9]\+ $mac $ip " /tmp/dhcp.leases || echo "0 $mac $ip (unknown)") | cut -d\  -f4
        done
done

It may break anything if someone uses a really nasty dhcp identifier.
It is more or less untested as i don’t have a router with such configuration at hand.
It does not use dns for resolving the names as my small router does not have any useful tool for this and my Omnia runs ArchLinux.

Bernd_Wechner · June 3, 2017, 1:32pm

Why thanks you ever so much for the pointers and the awesome script. Have just tried and works quite well, though I will work on improving it to read the other available name sources I have, notably /etc/config/dhcp, as the ARP table includes IP’s for machines not in /tmp/dhcp.leases but known and defined in /etc/config/dhcp.

There’s also a file somewhere that majordomo uses for making MAC to name as I configured it separately and when I find it I may script updating it and /etc/config/dhcp from a central source (or choosing the one as the master, say /etc/config/dhcp and updating the other from it).

The insights into where the LuCI templates and lua code live are pleasing too. Thanks. I would like to find where ipairs is defined it seems as that is what the LuCI page uses to build the table, it’s used throughout LuCI but I’ve not found a definition of it yet. I’ll potter along.

Thanks so much for the leg up so far.

adminX · June 3, 2017, 2:31pm

ipairs is a Lua function. Just Google for Lua manual

Bernd_Wechner · June 4, 2017, 12:02pm

Thanks, done. I guess it’s ip.neighbors({ family = 4 }) that I have to understand next,

In the interim I’ve hacked up a python rendition of your suggestion and it’s here:

as “routes”.

Alas exploring this I find more questions. For example, routes prints for me:

# routes -i
HW name                   IP address       HW type     Flags       HW address            Mask     Device
Phone-Bernd-VibeX2        10.90.251.90     0x1         0x2         14:36:c6:77:a5:7d     *        br-lan
Phone-Bernd-VibeX2        10.92.117.11     0x1         0x2         14:36:c6:77:a5:7d     *        br-lan
Phone-Bernd-VibeX2        10.92.150.95     0x1         0x2         14:36:c6:77:a5:7d     *        br-lan
Phone-Bernd-VibeX2        10.93.111.129    0x1         0x2         14:36:c6:77:a5:7d     *        br-lan
Phone-Bernd-VibeX2        100.82.104.220   0x1         0x2         14:36:c6:77:a5:7d     *        br-lan
Octopus                   192.168.0.2      0x1         0x2         10:da:43:03:79:6c     *        br-lan
Fluffy                    192.168.0.3      0x1         0x2         e4:f4:c6:12:ae:5e     *        br-lan
StPeter                   192.168.0.4      0x1         0x2         e4:f4:c6:19:2e:5f     *        br-lan
<unknown>                 192.168.0.9      0x1         0x0         00:00:00:00:00:00     *        br-lan
Bigfoot                   192.168.0.11     0x1         0x2         08:62:66:4a:31:5b     *        br-lan
Cyclops                   192.168.0.12     0x1         0x2         b8:ae:ed:72:f8:8d     *        br-lan
Nessie                    192.168.0.13     0x1         0x2         00:08:9b:d9:b9:5a     *        br-lan
Arachne                   192.168.0.14     0x1         0x2         b8:27:eb:24:db:8b     *        br-lan
Papyrus                   192.168.0.21     0x1         0x2         30:05:5c:89:79:ab     *        br-lan
Yamaha                    192.168.0.22     0x1         0x2         00:a0:de:a5:4f:ce     *        br-lan
Phone-Bernd-VibeX2        192.168.0.41     0x1         0x0         14:36:c6:77:a5:7d     *        br-lan
Phone-Dani-iPhone         192.168.0.42     0x1         0x0         48:e9:f1:9c:97:e1     *        br-lan
Phone-GypsyAnna-iPhone    192.168.0.43     0x1         0x0         40:b3:95:0d:2d:30     *        br-lan
Phone-Julie               192.168.0.44     0x1         0x0         f4:09:d8:d5:4e:aa     *        br-lan
Tablet-Mara-iPad          192.168.0.48     0x1         0x0         30:10:e4:be:d9:b7     *        br-lan
Tablet-Dani-iPad          192.168.0.49     0x1         0x2         3c:ab:8e:40:94:b3     *        br-lan
Thumbprint                192.168.0.51     0x1         0x0         94:39:e5:76:84:35     *        br-lan
Dani-Spectre              192.168.0.52     0x1         0x0         00:28:f8:33:94:ec     *        br-lan
Gypsy-Lenovo              192.168.0.53     0x1         0x0         a4:c4:94:44:e5:17     *        br-lan
Dani-Surface              192.168.0.54     0x1         0x0         b4:ae:2b:2d:8d:5d     *        br-lan
Julie-Laptop              192.168.0.55     0x1         0x2         c4:85:08:60:fd:2e     *        br-lan
<unknown>                 192.168.0.101    0x1         0x0         00:00:00:00:00:00     *        br-lan
<unknown>                 192.168.0.164    0x1         0x0         20:f8:5e:f8:71:63     *        br-lan

Which is really kind of nice. I like it and would like to see this column in LuCI at some point as well as column sorting. If I have time and can find a way to do I’ll do that (well post an issue first, then maybe fix it and request a pull given it’s all on github ;-).

What puzzles me in the interim is two things:

The list from /proc/net/arp is larger than that listed by LuCI under routes including items not shown by LuCI
Some items warrant some deeper understanding. Notably:

a) I see the same MAC (my phone listed under a number of IP addresses!
b) I see some names, none of which are shown by LuCI and I can’t identify:
i) some have zero MAC!
ii) one has a MAC but unknown to me and on a bizarre IP.
iii) 192.168.0.9 is almost certainly not connected anywhere. It was an IP I used, for a local device until recently (I remapped them all), but that was days ago at least, perhaps longer with route restarts between.

My DHCP serves from 101 up with below reserved, and I have static leases reserved below that.

I’m curious what exactly is in /proc/net/arp and where that is documented thoroughly. Casual reading suggest that Flags of 0x0 suggests an incomplete entry in the ARP table and should be ignored. Perhaps that’s one thing LuCI does, but for example all my bizarre phone IPs have 0x2 and I can’t easily divine why my phone has to many IP addresses.

Oh, the learning to do.

adminX · June 5, 2017, 10:01am

i can’t quote as my mobile does not allows it and my notebook is not allowed to login in the forums???

/proc/net/arp has all ARP entries the kernel knows about. No matter if it could reach or not the other device.

It seems your phone tried multiple IP addresses as source. This can be older connections to iCloud or Google Cloud Messenging or so.

The 100.68… is in shared address space. It is a bit like RFC1918-Space but for ISP.

Zero MAC ones are unresolved. Your router could not find the device associated with the IP. It is a negative cache.

Bernd_Wechner · June 10, 2017, 9:45pm

Thanks. The question remains, does LuCI source its data on “routes” from /proc/net/arp, and if so how does it filter the list given it’s not listing all the /proc/net/arp entries.

Not sure what you mean by 11.68? A typo perhaps for 192.168 … ? becars the RFC just lists:

 10.0.0.0        -   10.255.255.255  (10/8 prefix)
 172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
 192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

When I look now, my script and LuCI agree, it’s a much quieter time, early Sunday morn and only 6 devices in the table and nothing suspicious and no deviation.

adminX · June 11, 2017, 6:25am

I meant 100.64. The 68 seems to be autocorrected by my phone.

This IP is in the network 100.64.0.0/10. It is described in RFC 6598.

Bernd_Wechner · June 11, 2017, 6:30am

Cool, now I see it in the RFC, but none of the IPs I listed were in that range or?

adminX · June 11, 2017, 6:37am

The prefix 100.64.0.0/10 goes from 100.64.0.0 to 100.127.255.255. So 100.82.104.220 is within this range. I think this is the biggest allocation done in the last years.

Bernd_Wechner · June 11, 2017, 6:55am

Gotcha, my apologies for failing to read /10 properly.

I admit though that I’m not sure of the relevance of the observation. It seems my ISP assigned a CGNAT IP to the phone so that came though them, and the others? Can they perhaps have come from data connections (GSM)? I mean I’m not seeing it now and really just fishing for understanding how one phone can 5 bizarre IP addresses I guess.

adminX · June 11, 2017, 6:59am

It seems to be some other wifi network. Android sometimes tries to use the old IP from other wifi networks. Some kind of network mobility gone wrong.

Bernd_Wechner · June 11, 2017, 7:01am

An Android weirdness then? Strange that Android advertises those to my LAN router, but go figure. Thanks for you time and patience with my learning.