#277 Broken - discoveryCheck.php

[Riley Shott]

While attempting to use discoveryCheck.php in our environment, I noticed that it was sporadically working. Sometimes it would find hosts to add, and other times it wouldn't.

I figured out that the getSubnetsToDiscover() function in functions-network.php was only returning the IPs for the last subnet in the database. I determined this by printing out the size of the array before the function returned (our implementation has over 337000 hosts, and the size of the array being returned was 4096). I fixed this by creating a temp array in the foreach loop, and then merging it back into the main array (i.e. the one being returned) after each iteration. I've included the snippet of code below:

# getSubnetsToDiscover() function snippet

# set vars
$ip = array();              //we store IPs to scan to this array

# ok, we have subnets. Now we create array of all possible IPs for each subnet,
# and remove all existing
foreach($subnets as $s) {
            // create temp array to store this subnet's ip addresses
            $temp_ip = array();
            // get all existing IP addresses
            $addresses = getIpAddressesBySubnetId ($s['id']);
            // set start and end IP address
            $calc = calculateSubnetDetailsNew ( $s['subnet'], $s['mask'], 0, 0, 0, 0 );
            // loop and get all IP addresses for ping
            for($m=1; $m<=$calc['maxhosts']; $m++) {
                    // save to array for return
                    $temp_ip[$m]['ip_addr']  = $s['subnet']+$m;
                    $temp_ip[$m]['subnetId'] = $s['id'];
                    // save to array for existing check
                    $ipCheck[$m] = $s['subnet']+$m;
            }

            // remove already existing
            foreach($addresses as $a) {
                    $key = array_search($a['ip_addr'], $ipCheck);
                    if($key!==false) {
                            unset($temp_ip[$key]);
                    }
            }
            // merge results back to array being returned
            $ip = array_merge($ip, $temp_ip);
}

// uncomment to see how many IPs will be scanned
//print sizeof($ip);
# return result
return $ip;

[Riley Shott]

Actually this may not be ideal, as my first run after patching aborted from what I believe to be a lack of resources. I've had to bump up my memory_limit to 1024M, and it's still bailing (the box has 8GB). I'll try to figure out a better method, but any input/insight would be great.

Thanks!

Edit: It looks like it either ends up killing mysqld or the parent (the php script). I think I've found a sweet spot at setting a memory_limit of 260M, and a max threads of 25. However with 337000+ hosts, it's going to take a long time. I've left it running and will report back whether or not it actually succeeds in adding the hosts.

Edit2: It succeeded, but took 18 hours.

[Jim Julson]

Hi There,

So, that's a LOT of hosts to do a PING on. I'm not sure about how the app executes multiple threads, but you could try to use FPING in place of PING. It's a lot faster, and might be a bit more efficient.

I should state that I'm not fully sure what all you'd have to do in order to get FPING working. You may have to create a symlink or something since I think that PHPIPAM looks for "ping" specifically...Just setting the directory in the GUI won't cover it.

Also, I too have this problem as do others in the Support Section

[Anonymous]

Hi Jim,

I think I may have a solution. I've made some modifications to discoveryCheck.php and functions-network.php, and it looks like it's running better (i.e. I'm able to run it at 128 threads instead of 30). However, I'll reserve final judgement until my time php discoveryCheck.php command finishes. I will also attach the two modified files once I've confirmed there is an improvement.

[Riley Shott]

Hi Jim,

I may have a solution. I've made some modifications to discoveryCheck.php & functions-network.php, and the script seems to be running better (i.e. I'm able to run it at 128 threads instead of 25). However, I'll reserve final judgement until my time php discoveryCheck.php command finishes. If there is a noticeable improvement I will attach the two modified files here.

Update: It took about 3 hours, so a big improvement. As promised, attached are the two files I've modified.

[Andrey Voroshnin]

Hi Riley,

You can improve this script even better by disabling the resolve function or you can use another method to achieve IP back resolve. I've modified script and resolve function a little bit. Using host or nslookup depending on system. You can check them out if you wish. I don't have such big network to test it on.

[Riley Shott]

Thanks, Jim, for bringing fping to my attention. I've gone ahead and wrote a discovery script for it, and now my scans now only take 20 minutes with 5 threads (and I could bump that up, the boxes are still napping during its run). I've attached the script and a modified version of Thread.php (fpingThread.php), which fpingDiscoveryCheck.php requires. The script has two requirements, you must point the script to your fping (v 3+) binary (variable inside the script), and php-process needs to be installed.

Edit: This script also requires the version of functions-network.php I posted earlier. Otherwise the query to grab the subnets won't be in the format it expects.

[Anonymous]

Riley,

I can't say thank you enough for putting forth the effort to do this on behalf of the whole community. I hope that Miha see's this :)

So, do I have to adjust the poller in the GUI to use "fping" as well, and then I'm assuming that we alter the CRON job to point to the FPING variants of the discovery mechanism?

Last, for "php-process", I run ubuntu 14.04 LTS, and I'm not familiar with that package. Doing a search in the apt repo, I don't see anything like that. Do you by chance know the package we need on ubuntu (Debian based)?

[Jim Julson]

This might be a duplicate post because I wasn't logged in when I tried the first time...my apologies if it is..

Thank you so much for doing this work, on behalf of everyone in our shoes!

A couple questions.
1. For debian based systems like Ubuntu, I can't seem to find "php-process". Are you familiar with the variant, or is this package already included by default?

1. Do we need to change the poller path in the PHPIPAM GUI to /usr/bin/fping (Default for fPing v3+) to make this work, or is just altering the CRON job to point to the fPing variants good enough?

Thanks again so much! This is FANTASTIC!

[Anonymous]

Hello Riley,

I have a problem with your patch, the fping v 3 can't test ip address with /31. I added a function "CIDRToRange" in fpingDiscoveryCheck.php, and it works.

But i have another problem, fpingDiscoveryCheck.php discovers more ip addresses than there is in a subnet

[Anonymous]

Very well done! This is something that we should request gets bumped into the actual build. FPING should be an optional methodology as a scanning mechanism since it's far more scalable for larger enterprises.

Then, obviously we need to see the underlying issue fixed with the Discoverhosts and what not.

[Riley Shott]

No problem.

1. I believe with a Debian based OS it's bundled with the php pcntl module (which is required anyway).

2. No you don't. You set the path for fping in the fpingDiscoveryCheck.php script. You point your cron job to the new script.

[Miha Petkovsek]

Hi, thanks for this, looks really promising. Once I push updates to latest development version I will ask you to modify ping scripts to also include fping.

My proposal would be to have 1 main script for discovery/status updates and appropriate ping script would be set based on ping location from settings on database - if it would be fping that fping would be used, otherwise normal ping.

brm

[Anonymous]

Hello Riley,

I have a problem with your patch, the fping v 3 can't test ip address with /31.
I added a function "CIDRToRange" in fpingDiscoveryCheck.php, and it works.

But i have another problem, fpingDiscoveryCheck.php discovers more ip addresses than there is in a subnet .

[Anonymous]

Hello Riley,

I have a problem with your patch, the fping v 3 can't test ip address with /31.
I added a function "CIDRToRange" in fpingDiscoveryCheck.php, and it works.

But i have another problem, fpingDiscoveryCheck.php discovers more ip addresses than there is in a subnet

[Riley Shott]

To the Anonymous poster (can't see what you posted yet),

Did you replace functions-network.php with the version I posted? I had to modify what getSubnetsToDiscover() returns and if you haven't, it may be why it's adding duplicate IPs.

[Sanaa rayane]

Hello Riley,

I'm sorry for the previous message.

I had a problem with fpingDiscoveryCheck.php, the fping executable v3.2 refuses subnets in "/31".
To solve this problem, I added a function "cidrToRange" in the file fpingDiscoveryCheck.php (lines 9-15) that returns the first and last address of a subnet.
Then, I changed the call to start a thread (line 68-69) to call the function "cidrToRange".

[Riley Shott]

Good catch, Sanaa! Thanks for doing that.

There's probably a better place for this, but I've created two more scripts which I found we needed and thought I'd share them here:

pruneOffline.php - Removes hosts that haven't been seen in X number of seconds (default is 86400, 3 days, configurable as a variable inside the script)

dnsCheck.php - Similar to pingCheck.php, but instead rechecks every host's reverse DNS entry. If a mismatch is found, it will update the entry. This will be useful in subnets that use DHCP and dynamic DNS.

Attached all are the most recent versions of the files I've modified (including Sanaa's patch). If anyone wishes to use them, you will probably need to replace all the files (ex: dnsCheck.php requires the updated version of functions-network.php, etc...). For the email function to work as well, the patch below is required:

https://sourceforge.net/p/phpipam/patches/22/

Edit: dnsCheck.php is very similar to resolveIPaddresses.php albeit it has reporting, and will go through records that already have a DNS entry. As mentioned previously, php-process will need to be installed for fping on RH-like systems.

[Jim Julson]

Hi there Riley! I hope this finds you well!

It's been a while, but I'm now finally getting back to this project again within the org. I wanted to say thank you for putting in the effort to get all of this worked into PHPIPAM. In my mind, these are fundamental necessities for any IPAM installation. Fantastic work!

I really hope all this makes it into the next release. I'm really looking forward to it! Thanks again!

[Benoit Lambert]

Hi Riley,

I have ran a discovery (fpingDiscoveryCheck.php) with your latest scripts (great job!) but the network and broadcast addresses are getting added as hosts.

Anyway way to fix this?

Thanks.

[Anonymous]

Which fping version are you using? I experienced this with a version < 3. I installed 3.9 and the problem is gone.