Network Binding Arping and DHCP issues

Add-ons Bindings
1

Hey guys,

i recently tried to get the network binding up and running to detect my pc coming online.
Reason for that is that i want to switch on the socket for the screen then.

arping is lying in /usr/sbin/arping. But it isn’t working.
I added the thing manually and that is what i get:

HIDE PROPERTIES
arp_state Disabled
dhcp_state No access right for port 67. Bound to port 6767 instead. Port forwarding necessary!
icmp_state IPUTILS_LINUX_PING
presence_detection_type
uses_ios_wakeup Yes

For DHCP i tried the solution from this post. But not working as well.

Here is my binding configuration:

Anmerkung%202019-07-31%20101842
Anmerkung%202019-07-31%20101842996×487 19.4 KB

I hope you can help we what is wrong here.

2

For arping, are the permissions set to execute? Can you run it from the command line?

No process is allowed to bind to lower numbered ports unless it is running as use root. By default openHAB runs as the user openhab so it doesn’t have permission to bind to port 67. The docs for the binding explain this problem and how to address it. https://www.openhab.org/addons/bindings/network/#dhcp-listen

You will need to either run OH as root or set up IPTABLES rules to forward port 67 to port 6767 so OH has permission to bind to it.

Though, the last post in that thread you posted has a really elegant solution, if you are OK giving openHAB permission to bind to any port which has a slight security implication.

1 Like
3

I can reach arping from the command line. I just typed arping and it shows me the help.

So i made progress with all the recommended steps from the network binding documentation AND the last post in the thread i posted above.

Properties
arp_state Disabled
dhcp_state Running normally
icmp_state IPUTILS_LINUX_PING
presence_detection_type
uses_ios_wakeup Yes

BUT the arp_state is still disabled and no presence_detection_type? Any ideas on that?

4

Do an ls -l /usr/sbin/arping and check that there are three “x” in the permissions. It should look something like “-rwxr-xr-x”

I don’t have any further ideas. I don’t use arping though the binding.

5

hi, what do you use for detection through network binding then?
Thanks in advance

6

It seems to me exactly the same in the configuration of the thing with openhab 2.5.0-M2, and network binding 2.5.0-M2, when checking in trace log the network binding, the arp ping works even if it is not shown in the thing, then i don’t known what type of arp ping it detects.

You can try the version that Konstantin_Panchenko did, in my opinion, this shows better information about what is used

7

If you want arping to run as root without being root and you don’t mind anyone on your system running it, you can change the file mode to +setuid. When it is run it will assume the user account that owns the executable file.

eg.

sudo chmod u+s /usr/bin/arping
sudo chown root /usr/bin/arping

If you want to limit it’s access to only some users, then in addition create a group for those users eg.

addgroup arping
gpasswd -a openhab arping

Then remove world execute permissions and make arping owned by the group arping with group execution rights.

sudo chgrp arping /usr/bin/arping
sudo chmod w-x /usr/bin/arping
sudo chmod g+x /usr/bin/arping

Now only members in the arping group (or root) can run it, but when it runs it will run as root.

If you think this is a nasty hack and shouldn’t be done as it provides elevated privilege execution then you should note the following output…

ls -l /bin/ping
or
ls -l /usr/bin/ping

On Unix ONLY root can use ping, so it is installed setuid root, so just repeat that pattern with arping.

There are several reasons why these utilities require root. Binding to a low port is one of them, the other is that both can be used for nefarious aims and cause quite a lot of disruption to a network in the right (wrong?) hands.

As a small aside, using ARP for device detection is not always very reliable. The ARP protocol does not specify important things like how long an entry can be cached. Also devices with power saving modes may only send beacons to remain on Wifi and will ignore everything including ARP packets while sleeping. My MotoG5+ will not send or receive any network traffic while sleeping. Not ping, not arping, nothing. The only thing it does respond to is the Wifi beacons, so it appears connected to Wifi, but you can’t talk to it.

8

Then you don’t understand DAC. :wink: As you explain, this is how it’s supposed to work. Thanks for the excellent explanation!

Have you tried the hping3 approach? You can’t do it through the network binding but you can execute an external script to issue one special type of packet which wakes the device enough to respond to the ARP. I know it works like a champ with iPhones, Pixel 2XL and Pixel 3XL.

iPhone Presence Detection with hping3 and ARP - #28 by rtvb has the original and the script I’m using is

#!/bin/bash

# https://community.openhab.org/t/iphone-presence-detection-with-hping3-and-arp/18171/28

# detect iphone by IP and MAC address.
# use MAC address too, to prevent false positives if IP might change
# return ON or OFF so output can be directly bound to a switch item

# number of retries, less is faster, but less accurate
MAXRETRIES=20

# exit immediately if no parameters supplied
if [ $# -lt 2 ]
        then
                echo "UNDEF"
                exit 1
fi

# Set variables
IP=$1
MAC=$2

COUNT=0
while [ ${COUNT} -lt ${MAXRETRIES} ];
do
        ip neigh flush dev eth0 ${IP}
        hping3 -q -2 -c 10 -p 5353 -i u1 ${IP} >/dev/null 2>&1
        sleep 1

        # Only arp specific device, grep for a mac-address
        STATUS=`/usr/sbin/arp -an ${IP} | awk '{print $4}' | grep "${MAC}"`

        if [ ${#STATUS} -eq 17 ]; then
                # exit when phone is detected
                echo "${IP} ON"
                exit 0
        fi
        let COUNT=COUNT+1
        sleep .1
done

# consider away if reached max retries
echo "${IP} OFF"
1 Like
9

Thank you, I have been stuck on this question for a bit so I fixed the permissions and then looked in the logs to see the service could not see arping. So I have installed that

oot@Veriton:/var/log/openhab2# apt -a list openhab2
Listing… Done
openhab2/stable,now 2.5.12-1 all [installed]
openhab2/stable 2.5.3-1 all

021-11-12 17:05:12.702 [INFO ] [control.internal.WebSocketConnection] - Web Socket close 1005. Reason: null
2021-11-12 17:05:16.838 [INFO ] [b.core.service.AbstractActiveService] - NetworkHealth Refresh Service has been started
2021-11-12 17:05:17.235 [INFO ] [ternal.dhcp.DHCPPacketListenerServer] - DHCP request packet listener online

I have a couple of dummy ip addresses set up as things which are getting false positives as being online.

Back to the drawing board.

10

Don’t forget the ONLINE status of the Thing has nothing to do with whether or not the device is responding to pings. It just means that the Network binding itself is online and working. You have to link a switch item to the Channel and if the device is not responding to pings that Switch will be OFF.

1 Like
11

That makes total sense, yes I was wanting to check device status however that explains what I am seeing. Thank you.

Yes I am a noobie to OH, however I have been in the IT industry all my life, however I left the industry a several years ago. So OH is part of me getting back to the industry I love. So I have long term plans for our OH installation in our home based business and in our goal to take our house off grid from the electricity grid. Big projects require a good foundation and as we say in the industry why re-invent the wheel.