vh/NetAlertX
1
0
Fork 0
mirror of https://github.com/jokob-sk/NetAlertX.git synced 2026-04-06 02:01:37 -07:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

BE: Better arpo-scan accuracy w/ system optimization

Browse Source 
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
This commit is contained in:
jokob-sk
2026-02-24 07:07:55 +11:00
parent 1a364e2fe2
commit 8fc78f02e9
2 changed files with 94 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
install/production-filesystem/entrypoint.d/36-override-loaded-plugins.sh → install/production-filesystem/entrypoint.d/36-override-individual-settings.sh
View File

@@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
# 36-override-loaded-plugins.sh - Applies environment variable overrides to app.conf # 36-override-individual-settings.sh - Applies environment variable overrides to app.conf
set -eu set -eu

93
install/production-filesystem/entrypoint.d/37-host-optimization.sh Normal file
View File

@@ -0,0 +1,93 @@
#!/bin/sh
# 37-host-optimization.sh: Apply and validate network optimizations (ARP flux fix)
#
# This script improves detection accuracy by ensuring proper ARP behavior.
# It attempts to apply sysctl settings and warns if not possible.
# --- Color Codes ---
RED=$(printf '\033[1;31m')
YELLOW=$(printf '\033[1;33m')
RESET=$(printf '\033[0m')
# --- Skip flag ---
if [ -n "${SKIP_OPTIMIZATIONS:-}" ]; then
exit 0
fi
# --- Helpers ---
get_sysctl() {
sysctl -n "$1" 2>/dev/null || echo "unknown"
}
set_sysctl_if_needed() {
key="$1"
expected="$2"
current="$(get_sysctl "$key")"
# Already correct
if [ "$current" = "$expected" ]; then
return 0
fi
# Try to apply
if sysctl -w "$key=$expected" >/dev/null 2>&1; then
return 0
fi
# Failed
return 1
}
# --- Apply Settings (best effort) ---
failed=0
set_sysctl_if_needed net.ipv4.conf.all.arp_ignore 1 || failed=1
set_sysctl_if_needed net.ipv4.conf.all.arp_announce 2 || failed=1
set_sysctl_if_needed net.ipv4.conf.default.arp_ignore 1 || failed=1
set_sysctl_if_needed net.ipv4.conf.default.arp_announce 2 || failed=1
# --- Validate final state ---
all_ignore="$(get_sysctl net.ipv4.conf.all.arp_ignore)"
all_announce="$(get_sysctl net.ipv4.conf.all.arp_announce)"
# --- Warning Output ---
if [ "$all_ignore" != "1" ] || [ "$all_announce" != "2" ]; then
>&2 printf "%s" "${YELLOW}"
>&2 cat <<EOF
══════════════════════════════════════════════════════════════════════════════
⚠️ ATTENTION: ARP flux protection not enabled.
NetAlertX relies on ARP for device detection. Your system currently allows
ARP replies from incorrect interfaces (ARP flux), which may result in:
• False devices being detected
• IP/MAC mismatches
• Flapping device states
• Incorrect network topology
This is common when running in Docker or multi-interface environments.
──────────────────────────────────────────────────────────────────────────
Recommended fix (Docker Compose):
sysctls:
net.ipv4.conf.all.arp_ignore: 1
net.ipv4.conf.all.arp_announce: 2
──────────────────────────────────────────────────────────────────────────
Alternatively, apply on the host:
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
Detection accuracy may be reduced until this is configured.
══════════════════════════════════════════════════════════════════════════════
EOF
>&2 printf "%s" "${RESET}"
fi