]> git.ipfire.org Git - ipfire-2.x.git/commit
projects / ipfire-2.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 54a58a2) | patch
suricata: Be more efficient with marks
authorMichael Tremer <michael.tremer@ipfire.org>
Mon, 9 Sep 2024 17:38:47 +0000 (19:38 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 24 Sep 2024 08:42:25 +0000 (08:42 +0000)
commite088c2115843cb6d70ea5bc21af818f5dbd7e822
tree032f4c8bc4ef7090c2b80e29e8b1f0ce5b2c3fb1tree
parent54a58a2891910ece5174ec8f20504ae2f80841e2commit | diff
suricata: Be more efficient with marks

This patch changes that we introduce a new mark which allows us to
identify any newly bypassed connections and permanently store the bypass
flag.

We also only restore marks from the connection tracking when a packet
has no marks, yet.

Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/initscripts/system/firewall diff | blob | blame | history
src/initscripts/system/suricata diff | blob | blame | history
IPFire 2.x development tree