which shows routes. It seems to identify all the devices on my LAN, attached to WAPS or wired in quite well.
I’d like to know how to get this same information via the CLI? And ideally how to see it with an extra column being the name of the device if it happens to be identifiable (for example if it’s an active DHCP lease there’s a name in /tmp/dhcp.leases.
I’ve looked pretty hard and am snowed under with info alas around routing and commands but have not found how to replicate these nice tables, and wonder if there is a place I can see how LuCI is collecting such data too?
The LuCI template for this page can be found in /usr/lib/lua/luci/view/admin_status/routes.htm
A shell-script doing about the same but not so fancy could be:
#!/bin/sh
for dev in $(tail -n+3 /proc/net/dev | cut -f1 -d: | grep -v '^ \+\(lo\|wg\|ppp.\+\)$')
do
echo "==== known hosts for $dev ===="
grep "^.\{72\}$dev\$" /proc/net/arp | while read ip hwtype flags mac mask dev
do
printf "%-15s %-17s " $ip $mac
(grep "^[0-9]\+ $mac $ip " /tmp/dhcp.leases || echo "0 $mac $ip (unknown)") | cut -d\ -f4
done
done
It may break anything if someone uses a really nasty dhcp identifier.
It is more or less untested as i don’t have a router with such configuration at hand.
It does not use dns for resolving the names as my small router does not have any useful tool for this and my Omnia runs ArchLinux.
Why thanks you ever so much for the pointers and the awesome script. Have just tried and works quite well, though I will work on improving it to read the other available name sources I have, notably /etc/config/dhcp, as the ARP table includes IP’s for machines not in /tmp/dhcp.leases but known and defined in /etc/config/dhcp.
There’s also a file somewhere that majordomo uses for making MAC to name as I configured it separately and when I find it I may script updating it and /etc/config/dhcp from a central source (or choosing the one as the master, say /etc/config/dhcp and updating the other from it).
The insights into where the LuCI templates and lua code live are pleasing too. Thanks. I would like to find where ipairs is defined it seems as that is what the LuCI page uses to build the table, it’s used throughout LuCI but I’ve not found a definition of it yet. I’ll potter along.
Which is really kind of nice. I like it and would like to see this column in LuCI at some point as well as column sorting. If I have time and can find a way to do I’ll do that (well post an issue first, then maybe fix it and request a pull given it’s all on github ;-).
What puzzles me in the interim is two things:
The list from /proc/net/arp is larger than that listed by LuCI under routes including items not shown by LuCI
Some items warrant some deeper understanding. Notably:
a) I see the same MAC (my phone listed under a number of IP addresses!
b) I see some names, none of which are shown by LuCI and I can’t identify:
i) some have zero MAC!
ii) one has a MAC but unknown to me and on a bizarre IP.
iii) 192.168.0.9 is almost certainly not connected anywhere. It was an IP I used, for a local device until recently (I remapped them all), but that was days ago at least, perhaps longer with route restarts between.
My DHCP serves from 101 up with below reserved, and I have static leases reserved below that.
I’m curious what exactly is in /proc/net/arp and where that is documented thoroughly. Casual reading suggest that Flags of 0x0 suggests an incomplete entry in the ARP table and should be ignored. Perhaps that’s one thing LuCI does, but for example all my bizarre phone IPs have 0x2 and I can’t easily divine why my phone has to many IP addresses.
Thanks. The question remains, does LuCI source its data on “routes” from /proc/net/arp, and if so how does it filter the list given it’s not listing all the /proc/net/arp entries.
Not sure what you mean by 11.68? A typo perhaps for 192.168 … ? becars the RFC just lists:
When I look now, my script and LuCI agree, it’s a much quieter time, early Sunday morn and only 6 devices in the table and nothing suspicious and no deviation.
The prefix 100.64.0.0/10 goes from 100.64.0.0 to 100.127.255.255. So 100.82.104.220 is within this range. I think this is the biggest allocation done in the last years.
Gotcha, my apologies for failing to read /10 properly.
I admit though that I’m not sure of the relevance of the observation. It seems my ISP assigned a CGNAT IP to the phone so that came though them, and the others? Can they perhaps have come from data connections (GSM)? I mean I’m not seeing it now and really just fishing for understanding how one phone can 5 bizarre IP addresses I guess.