Network discovery fails on bridge interfaces with VLANs (Unraid/Linux bridge setups) #456
Description
Title: Network discovery fails on bridge interfaces with VLANs (Unraid/Linux bridge setups)
Environment:
- Scanopy Version: v0.13.3 (server and daemon)
- Deployment: Docker Compose on Unraid
- Daemon Mode: host networking with privileged: true
- OS: Unraid (Linux)
Network Configuration:
Physical NICs (eth0, eth1, eth2) → bond0 → br0 (10.14.14.7/24)
├─ br0.21 (10.14.21.7/24)
├─ br0.28 (10.14.28.7/24)
└─ br0.12 (10.14.12.7/24)
Issue Description:
Network Discovery fails to scan any hosts because the daemon attempts ARP scanning on eth0 (which has no IP address) instead of using the bridge interfaces (br0, br0.21, br0.28, br0.12) where the actual IPs are configured.
Expected Behavior:
The daemon should use the bridge interfaces that have IP addresses assigned for ARP scanning, not the underlying physical interfaces that are part of the bond/bridge.
Actual Behavior:
- Daemon correctly enumerates all interfaces and detects IPs on bridge interfaces
- Daemon selects
eth0as "suitable interface for ARP" - ARP scan fails on all subnets with:
No IPv4 address found on interface, skipping ARP scan interface=eth0 - Discovery completes with 0 hosts found
Relevant Logs:
2026-01-09T16:17:26.741757Z INFO scanopy::daemon::discovery::service::network: Starting continuous discovery pipeline total_ips=1024 interfaced_ips=1024 non_interfaced_ips=0
2026-01-09T16:17:26.752280Z INFO scanopy::daemon::discovery::service::network: Starting ARP discovery subnets=4 total_ips=1024 arp_retries=2 arp_rate_pps=50
2026-01-09T16:17:26.754624Z WARN scanopy::daemon::discovery::service::network: No IPv4 address found on interface, skipping ARP scan interface=eth0 cidr=10.14.12.0/24
2026-01-09T16:17:26.756459Z WARN scanopy::daemon::discovery::service::network: No IPv4 address found on interface, skipping ARP scan interface=eth0 cidr=10.14.14.0/24
2026-01-09T16:17:26.757978Z WARN scanopy::daemon::discovery::service::network: No IPv4 address found on interface, skipping ARP scan interface=eth0 cidr=10.14.21.0/24
2026-01-09T16:17:26.759330Z WARN scanopy::daemon::discovery::service::network: No IPv4 address found on interface, skipping ARP scan interface=eth0 cidr=10.14.28.0/24
2026-01-09T16:17:26.759347Z INFO scanopy::daemon::discovery::service::network: Deep scanning hosts as they are discovered deep_scan_concurrency=203 grace_period_secs=30
2026-01-09T16:17:56.764624Z INFO scanopy::daemon::discovery::service::network: Discovery pipeline complete hosts_discovered=0 hosts_scanned=0 results=0
Earlier in the logs, the daemon correctly detects the bridge interfaces:
2026-01-09T16:12:27.406322Z DEBUG scanopy::daemon::utils::base: Found interface name=br0 index=10 is_up=true is_loopback=false mac=Some(00:e2:59:01:ce:cb) ips=[V4(Ipv4Network { addr: 10.14.14.7, prefix: 24 })] flags=69699
2026-01-09T16:12:27.406336Z DEBUG scanopy::daemon::utils::base: Found interface name=br0.21 index=11 is_up=true is_loopback=false mac=Some(00:e2:59:01:ce:cb) ips=[V4(Ipv4Network { addr: 10.14.21.7, prefix: 24 })] flags=69699
2026-01-09T16:12:27.406350Z DEBUG scanopy::daemon::utils::base: Found interface name=br0.28 index=12 is_up=true is_loopback=false mac=Some(00:e2:59:01:ce:cb) ips=[V4(Ipv4Network { addr: 10.14.28.7, prefix: 24 })] flags=69699
2026-01-09T16:12:27.406363Z DEBUG scanopy::daemon::utils::base: Found interface name=br0.12 index=13 is_up=true is_loopback=false mac=Some(00:e2:59:01:ce:cb) ips=[V4(Ipv4Network { addr: 10.14.12.7, prefix: 24 })] flags=69699
Steps to Reproduce:
- Deploy Scanopy daemon on a Linux system with bonded NICs and bridge interfaces with VLAN tagging
- Configure Network Discovery to scan subnets that exist on bridge interfaces (br0, br0.X)
- Run Network Discovery
- Observe ARP scanning fails because daemon tries to use physical interface (eth0) instead of bridge interface
Impact:
This affects common homelab setups including:
- Unraid servers with multiple VLANs
- Linux systems using bridge networking for VM/container networks
- Any setup where the scanning host uses bridge interfaces instead of direct physical interface IPs
Workaround:
Docker Discovery still works correctly and discovers containerized services. However, physical network devices (routers, switches, non-Docker hosts) cannot be discovered.
Suggested Fix:
The ARP interface selection logic should:
- Match the subnet being scanned to the interface that has an IP in that subnet
- Prefer bridge interfaces over physical interfaces when both exist
- Use the interface that actually has the IP address for the target subnet, not just the first "suitable" physical interface
Related:
This may be related to the MACVLAN Networking documentation page, which suggests this is a known scenario but not fully supported yet.
Additional Context:
Docker Compose configuration:
scanopy-daemon-core:
image: ghcr.io/scanopy/scanopy/daemon:latest
container_name: scanopy-daemon-core
network_mode: host
privileged: true
restart: unless-stopped
environment:
- SCANOPY_SERVER_URL=http://10.14.14.7:60072
- SCANOPY_NETWORK_ID=${SCANOPY_NETWORK_ID}
- SCANOPY_DAEMON_API_KEY=${SCANOPY_API_KEY_CORE}
- SCANOPY_USER_ID=${SCANOPY_USER_ID}
- SCANOPY_NAME=scanopy-daemon-core
- SCANOPY_MODE=Push
- SCANOPY_DAEMON_URL=http://10.14.14.7:60073
- SCANOPY_PORT=60073
- SCANOPY_BIND_ADDRESS=0.0.0.0
- SCANOPY_HEARTBEAT_INTERVAL=30
volumes:
- /mnt/user/appdata/scanopy/daemon-config:/root/.config/daemon
- /var/run/docker.sock:/var/run/docker.sock:ro