fix: guard _ping() against proxy-ARP false positives

Verify that the ICMP reply source IP matches the target before
reporting a host as alive. Prevents scan from returning the entire
CIDR range when a gateway answers ARP requests on behalf of all IPs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-18 08:38:58 +02:00
parent 0a91d840be
commit cf07461436
+6 -1
@@ -54,7 +54,12 @@ def _ping(ip: str) -> bool:
capture_output=True, capture_output=True,
timeout=3, timeout=3,
) )
return r.returncode == 0 if r.returncode != 0:
return False
# Guard against proxy-ARP / gateway false positives: verify the ICMP
# reply actually came from the target IP and not an intermediate node.
stdout = r.stdout.decode(errors="ignore")
return f"from {ip}:" in stdout or f"from {ip} " in stdout
except Exception: except Exception:
return False return False
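Review bot: the substring test on the new final `return` line only matches when ping prints the bare address directly after "from", so a live host can be reported as down. The ping arguments are not visible in this hunk; if numeric output (`-n`) is not forced, iputils prints replies as "from hostname (address):" whenever reverse DNS resolves, and neither `f"from {ip}:"` nor `f"from {ip} "` matches that form. A localized ping would also break the literal "from". Suggest passing `-n`, running the subprocess with `LC_ALL=C`, and matching the source address with an anchored pattern rather than two substrings. Separately, the new `r.stdout.decode(...)` and the match sit inside the existing `except Exception: return False`, so any error in this parsing is silently turned into "host down"; consider narrowing that handler or logging the exception so a parsing regression does not look like an empty network.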