Skip to content

Drop gratuitous ARP packets#291

Merged
adrelanos merged 1 commit intoKicksecure:masterfrom
raja-grewal:drop_gratuitous_arp
Jan 10, 2025
Merged

Drop gratuitous ARP packets#291
adrelanos merged 1 commit intoKicksecure:masterfrom
raja-grewal:drop_gratuitous_arp

Conversation

@raja-grewal
Copy link
Contributor

@raja-grewal raja-grewal commented Dec 19, 2024

As per #279 (comment).

Changes

Set sysctl net.ipv4.conf.*.drop_gratuitous_arp=1

Mandatory Checklist

  • Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements:

Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint

Optional Checklist

The following items are optional but might be requested in certain cases.

  • I have tested it locally
  • I have reviewed and updated any documentation if relevant
  • I am providing new code and test(s) for it

@ArrayBolt3
Copy link
Contributor

ArrayBolt3 commented Dec 20, 2024

Doesn't look like it's likely to cause problems in a home use scenario, but what happens in a cloud scenario where you rely on other servers on the local network for certain resources, and those servers sometimes have their MAC addresses change? (I don't know if AWS ever has to change the MAC addresses of things like package update servers and whatnot, but I would assume it could happen if they're shuffling VMs around.) That could cause things to break, possibly quite badly. I can also imagine something like this happening in a corporate scenario where a server is reconfigured and it has to tell all client machines on the network the new MAC address for its IP.

I think for most users this is probably fine, since IPs don't just randomly switch MACs very often AFAIK. In an environment where gratuitous ARP is needed, the sysadmin will probably know, and be able to turn this setting off. So I think this is another thing that's good to enable by default, but that we should support disabling, and document how to turn it off.

@raja-grewal
Copy link
Contributor Author

raja-grewal commented Jan 8, 2025
edited
Loading

Thanks for the review!

Personally, I am not sure how many people use Kicksecure/Whonix in a cloud scenario. I think the majority off users are either running VMs on their personal system or running it on bare metal on their personal systems.

As you suggest, I think for the cloud scenario, a user in that space would likely know how to handle the problem.

Regardless, do you think the current documentation is sufficiently clear for a user?

@ArrayBolt3
Copy link
Contributor

ArrayBolt3 commented Jan 8, 2025

The in-file documentation is fine to me, but I'd also like to document it in the wiki so people who are like "what on earth, why can't my workstation find my server anymore" can do a web search or wiki search and (hopefully) find it. I can add that to my list of things to do

@adrelanos I consider this ready to merge.

@adrelanos adrelanos merged commit 1b33e83 into Kicksecure:master Jan 10, 2025
@raja-grewal raja-grewal deleted the drop_gratuitous_arp branch January 11, 2025 01:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@raja-grewal @ArrayBolt3 @adrelanos

Comments