git.ipfire.org Git - ipfire-2.x.git/commit

author	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 28 Feb 2019 19:37:38 +0000 (19:37 +0000)
committer	Stefan Schantl <stefan.schantl@ipfire.org>
	Fri, 1 Mar 2019 16:56:48 +0000 (17:56 +0100)
commit	5d04cfe7d582bc58a4e4f9995fe5f67fcc456456
tree	e198724f8c2e8f42e39e5caa7073205e856ac14e	tree \| snapshot
parent	c9ee3592f00f0edc9467643a27ba1505cc8f879a	commit \| diff

suricata: Use highest bit to mark packets

We are using the netfilter MARK in IPsec & QoS and this
is causing conflicts.

Therefore, we use the highest bit in the IPS chain now
and clear it afterwards because we do not really care about
this after the packets have been passed through suricata.

Then, no other application has to worry about suricata.

Fixes: #12010
Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

config/suricata/suricata.yaml		diff \| blob \| blame \| history
src/initscripts/system/suricata		diff \| blob \| blame \| history