From 8fc78f02e96e3d302af1f06fd953e79773445308 Mon Sep 17 00:00:00 2001 From: jokob-sk Date: Tue, 24 Feb 2026 07:07:55 +1100 Subject: [PATCH] BE: Better arpo-scan accuracy w/ system optimization Signed-off-by: jokob-sk --- ....sh => 36-override-individual-settings.sh} | 2 +- .../entrypoint.d/37-host-optimization.sh | 93 +++++++++++++++++++ 2 files changed, 94 insertions(+), 1 deletion(-) rename install/production-filesystem/entrypoint.d/{36-override-loaded-plugins.sh => 36-override-individual-settings.sh} (91%) create mode 100644 install/production-filesystem/entrypoint.d/37-host-optimization.sh diff --git a/install/production-filesystem/entrypoint.d/36-override-loaded-plugins.sh b/install/production-filesystem/entrypoint.d/36-override-individual-settings.sh similarity index 91% rename from install/production-filesystem/entrypoint.d/36-override-loaded-plugins.sh rename to install/production-filesystem/entrypoint.d/36-override-individual-settings.sh index 829a2928..0ed4fc18 100644 --- a/install/production-filesystem/entrypoint.d/36-override-loaded-plugins.sh +++ b/install/production-filesystem/entrypoint.d/36-override-individual-settings.sh @@ -1,5 +1,5 @@ #!/bin/bash -# 36-override-loaded-plugins.sh - Applies environment variable overrides to app.conf +# 36-override-individual-settings.sh - Applies environment variable overrides to app.conf set -eu diff --git a/install/production-filesystem/entrypoint.d/37-host-optimization.sh b/install/production-filesystem/entrypoint.d/37-host-optimization.sh new file mode 100644 index 00000000..6cfe9b9f --- /dev/null +++ b/install/production-filesystem/entrypoint.d/37-host-optimization.sh @@ -0,0 +1,93 @@ +#!/bin/sh + +# 37-host-optimization.sh: Apply and validate network optimizations (ARP flux fix) +# +# This script improves detection accuracy by ensuring proper ARP behavior. +# It attempts to apply sysctl settings and warns if not possible. + +# --- Color Codes --- +RED=$(printf '\033[1;31m') +YELLOW=$(printf '\033[1;33m') +RESET=$(printf '\033[0m') + +# --- Skip flag --- +if [ -n "${SKIP_OPTIMIZATIONS:-}" ]; then + exit 0 +fi + +# --- Helpers --- + +get_sysctl() { + sysctl -n "$1" 2>/dev/null || echo "unknown" +} + +set_sysctl_if_needed() { + key="$1" + expected="$2" + + current="$(get_sysctl "$key")" + + # Already correct + if [ "$current" = "$expected" ]; then + return 0 + fi + + # Try to apply + if sysctl -w "$key=$expected" >/dev/null 2>&1; then + return 0 + fi + + # Failed + return 1 +} + +# --- Apply Settings (best effort) --- + +failed=0 + +set_sysctl_if_needed net.ipv4.conf.all.arp_ignore 1 || failed=1 +set_sysctl_if_needed net.ipv4.conf.all.arp_announce 2 || failed=1 +set_sysctl_if_needed net.ipv4.conf.default.arp_ignore 1 || failed=1 +set_sysctl_if_needed net.ipv4.conf.default.arp_announce 2 || failed=1 + +# --- Validate final state --- + +all_ignore="$(get_sysctl net.ipv4.conf.all.arp_ignore)" +all_announce="$(get_sysctl net.ipv4.conf.all.arp_announce)" + +# --- Warning Output --- + +if [ "$all_ignore" != "1" ] || [ "$all_announce" != "2" ]; then + >&2 printf "%s" "${YELLOW}" + >&2 cat <&2 printf "%s" "${RESET}" +fi