Open antoninchadima opened 1 year ago
This bug can be very easily reproduced (I'm administering 5 subnets of 254 IPs and it happens every day).
Result: the client cannot connect (the client is smarter than AdGuard Home and, using an ARP scan, detects the duplicate IP). The client sends the request over and over and has no network access. After a while you have duplicated records, null MAC addresses and wrong hostnames in leases.json.
at the same moment (the problem is 147.231.80.109)
adguard home
ping scan
arp scan
@antoninchadima, hello and thanks for the thorough report. Indeed, RFC 2131 makes this clear:
As a consistency check, the allocating server SHOULD probe the reused address before allocating the address, e.g., with an ICMP echo request, and the client SHOULD probe the newly received address, e.g., with ARP.
We're going to enhance the DHCP behavior in the v0.108.0 release cycle, thanks again.
The RFC 2131 says:
And the Windows OS client did send a DHCPDECLINE message. But Adguard Home was sending the not accepted IP again and again.
it is more of a bug
A DHCP Decline message is sent by a DHCP client to notify the DHCP server that the allocated IP address conflicts with another IP address. The DHCP client then applies to the DHCP server for another IP address. The DHCP server notes the declined address as in use and avoids this address.
The ICMP echo on the server side and the ARP probe on the client side are because of DHCP clients on other subnets (yes, this is possible with a DHCP relay / proxy), so the server uses layer 3 and the client layer 2.
But Adguard Home is mostly intended for small nets and home deployments, so I would assume that the DHCP server and client are on the same net.
So you should implement DHCPDECLINE the correct way (as a bug request) or scan the subnet and keep track of the subnet as an enhancement request (this could be used for tracking scanning clients on the network which do not use the AdGuard DNS server, etc.).
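The DHCPDECLINE handling described in the comments above (the server notes a declined address as in use and avoids it), as an added Go example that is not AdGuard Home's code and not part of the thread. The `Pool` type, the one-hour quarantine and the rule that only the holder of an offer may decline it are assumptions of this example; the addresses and MACs are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
	"time"
)

// Pool is a hypothetical single-range allocator, not AdGuard Home's own type.
type Pool struct {
	first, last netip.Addr
	leases      map[netip.Addr]string    // IP -> MAC of the holder
	declined    map[netip.Addr]time.Time // IP -> end of quarantine
	quarantine  time.Duration
}

// Offer returns the first address that is neither leased nor quarantined.
func (p *Pool) Offer(mac string, now time.Time) (netip.Addr, bool) {
	for ip := p.first; ip.IsValid() && ip.Compare(p.last) <= 0; ip = ip.Next() {
		if _, taken := p.leases[ip]; !taken && !now.Before(p.declined[ip]) {
			p.leases[ip] = mac
			return ip, true
		}
	}
	return netip.Addr{}, false
}

// Decline handles DHCPDECLINE; only the holder of the offer may quarantine it.
func (p *Pool) Decline(ip netip.Addr, mac string, now time.Time) bool {
	ok := mac != "" && p.leases[ip] == mac
	if ok {
		delete(p.leases, ip)
		p.declined[ip] = now.Add(p.quarantine)
	}
	return ok
}

// Demo replays a constructed scenario (documentation-range IPs, made-up MACs).
func Demo() ([]string, bool) {
	t0 := time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC)
	p := &Pool{netip.MustParseAddr("192.0.2.10"), netip.MustParseAddr("192.0.2.11"),
		map[netip.Addr]string{}, map[netip.Addr]time.Time{}, time.Hour}
	a, _ := p.Offer("aa:aa", t0)                  // .10, silently used by another host
	p.Decline(a, "aa:aa", t0)                     // client's ARP probe found the conflict
	b, _ := p.Offer("aa:aa", t0)                  // .11, not .10 again
	c, _ := p.Offer("bb:bb", t0.Add(2*time.Hour)) // quarantine over: .10 eligible
	return []string{a.String(), b.String(), c.String()}, p.Decline(b, "bb:bb", t0) // non-holder: refused
}

func main() { fmt.Println(Demo()) }
```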
Prerequisites
[X] I have checked the Wiki and Discussions and found no answer
[X] I have searched other issues and found no duplicates
[X] I want to report a bug and not ask a question or ask for help
[X] I have set up AdGuard Home correctly and configured clients to use it. (Use the Discussions for help with installing and configuring clients.)
Platform (OS and CPU architecture)
Linux, AMD64 (aka x86_64)
Installation
Docker
Setup
On one machine
AdGuard Home version
v0.107.36
Action
Set up a DHCP server in Adguard Home.
Have some devices with IP addresses already in the DHCP pool (with DHCP leases from the previous DHCP server or with fixed IP).
These devices should not respond to ping (some routers, switches, wifi APs, or computers with a firewall and so on), so those devices are only detectable by an ARP scan.
Expected result
Adguard Home should not only use ping for detecting colliding IP addresses but also a proper ARP scan on the network, on Linux for example provided by arp-scan.
Actual result
Devices with a new DHCP lease from Adguard can get a duplicated IP address, resulting on Windows in disconnecting from the network and on other systems in a traffic jam with colliding IP addresses.
Additional information and/or screenshots
Regular ARP scanning could be used to provide further info in the DHCP screen.
Please consider having a separate DHCP and network scan / clients page. Having DHCP leases in the config is not the best way.
This overview should show: IP, MAC, Vendor (by MAC, overridden by DHCP request option), Host name, Lease Start, Lease End, Active lease? Alive ping? Alive ARP? Sends DNS requests? (are there requests in the request log - already in PiHole!), Actions (delete, add to static etc., for example edit of lease start and end), DHCP Options sent in the request, and maybe a reverse DNS resolve of the client IP.
The overview should show all leases in leases.json, not only the active ones, and it should contain even devices scanned/discovered (in a configurable period of time) to add them to static leases etc.
This enhancement would make a great tool from Adguard Home with an overview of devices on the actual subnet or DHCP pool.