vh/NetAlertX
1
0
Fork 0
mirror of https://github.com/jokob-sk/NetAlertX.git synced 2026-04-01 07:42:19 -07:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
bc4f419927efdfd80ba8bef47dc6e65d75d2a8cf
NetAlertX/install/production-filesystem/entrypoint.d/37-host-optimization.sh
jokob-sk 8fc78f02e9 BE: Better arpo-scan accuracy w/ system optimization 
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2026-02-24 07:07:55 +11:00

94 lines
3.0 KiB
Bash
Raw Blame History

#!/bin/sh
# 37-host-optimization.sh: Apply and validate network optimizations (ARP flux fix)
#
# This script improves detection accuracy by ensuring proper ARP behavior.
# It attempts to apply sysctl settings and warns if not possible.
# --- Color Codes ---
RED=$(printf '\033[1;31m')
YELLOW=$(printf '\033[1;33m')
RESET=$(printf '\033[0m')
# --- Skip flag ---
if [ -n "${SKIP_OPTIMIZATIONS:-}" ]; then
exit 0
fi
# --- Helpers ---
get_sysctl() {
sysctl -n "$1" 2>/dev/null || echo "unknown"
}
set_sysctl_if_needed() {
key="$1"
expected="$2"
current="$(get_sysctl "$key")"
# Already correct
if [ "$current" = "$expected" ]; then
return 0
fi
# Try to apply
if sysctl -w "$key=$expected" >/dev/null 2>&1; then
return 0
fi
# Failed
return 1
}
# --- Apply Settings (best effort) ---
failed=0
set_sysctl_if_needed net.ipv4.conf.all.arp_ignore 1 || failed=1
set_sysctl_if_needed net.ipv4.conf.all.arp_announce 2 || failed=1
set_sysctl_if_needed net.ipv4.conf.default.arp_ignore 1 || failed=1
set_sysctl_if_needed net.ipv4.conf.default.arp_announce 2 || failed=1
# --- Validate final state ---
all_ignore="$(get_sysctl net.ipv4.conf.all.arp_ignore)"
all_announce="$(get_sysctl net.ipv4.conf.all.arp_announce)"
# --- Warning Output ---
if [ "$all_ignore" != "1" ] || [ "$all_announce" != "2" ]; then
>&2 printf "%s" "${YELLOW}"
>&2 cat <<EOF
══════════════════════════════════════════════════════════════════════════════
⚠️ ATTENTION: ARP flux protection not enabled.
NetAlertX relies on ARP for device detection. Your system currently allows
ARP replies from incorrect interfaces (ARP flux), which may result in:
• False devices being detected
• IP/MAC mismatches
• Flapping device states
• Incorrect network topology
This is common when running in Docker or multi-interface environments.
──────────────────────────────────────────────────────────────────────────
Recommended fix (Docker Compose):
sysctls:
net.ipv4.conf.all.arp_ignore: 1
net.ipv4.conf.all.arp_announce: 2
──────────────────────────────────────────────────────────────────────────
Alternatively, apply on the host:
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
Detection accuracy may be reduced until this is configured.
══════════════════════════════════════════════════════════════════════════════
EOF
>&2 printf "%s" "${RESET}"
fi
Reference in New Issue View Git Blame Copy Permalink