]> git.ipfire.org Git - people/ms/ipfire-2.x.git/commit
projects / people / ms / ipfire-2.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a7831b7) | patch
suricata: Be more efficient with marks
authorMichael Tremer <michael.tremer@ipfire.org>
Mon, 9 Sep 2024 17:38:47 +0000 (19:38 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Sat, 21 Sep 2024 10:25:05 +0000 (12:25 +0200)
commit93763fc8d5d8dc315a6a8874a209d4476273dc13
tree708cb246042c31568d0592089ca0d1ce7d830dcetree
parenta7831b7fe89694d4a9e0ea4b321467a61f9dc154commit | diff
suricata: Be more efficient with marks

This patch changes that we introduce a new mark which allows us to
identify any newly bypassed connections and permanently store the bypass
flag.

We also only restore marks from the connection tracking when a packet
has no marks, yet.

Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/initscripts/system/firewall diff | blob | blame | history
src/initscripts/system/suricata diff | blob | blame | history
Michael's tree of IPFire 2.x.