suricata: Limit to a maximum of "16" netfilter queues.

author Stefan Schantl <stefan.schantl@ipfire.org>

Sun, 19 May 2019 16:52:23 +0000 (18:52 +0200)

committer Arne Fitzenreiter <arne_f@ipfire.org>

Mon, 20 May 2019 05:09:25 +0000 (07:09 +0200)
author Stefan Schantl <stefan.schantl@ipfire.org>
Sun, 19 May 2019 16:52:23 +0000 (18:52 +0200)
committer Arne Fitzenreiter <arne_f@ipfire.org>
Mon, 20 May 2019 05:09:25 +0000 (07:09 +0200)
diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata

index 38b6a40d831d61674738a4ee79d311cfe0546be4..5a567f2d7f4bfef90fabb11438bc5065e731f21c 100644 (file)
--- a/src/initscripts/system/suricata
+++ b/src/initscripts/system/suricata
@@ -6,7 +6,7 @@
  #
  # Author      : Stefan Schantl <stefan.schantl@ipfire.org>
  #
-# Version     : 01.01
+# Version     : 01.02
  #
  # Notes       :
  #
@@ -50,7 +50,13 @@ function get_cpu_count {
                 [ "$line" ] && [ -z "${line%processor*}" ]  && ((CPUCOUNT++))
         done </proc/cpuinfo
  
-       echo $CPUCOUNT
+       # Limit to a maximum of 16 cores, because suricata does not support more than
+       # 16 netfilter queues at the moment.
+       if [ $CPUCOUNT -gt "16" ]; then
+               echo "16"
+       else
+               echo $CPUCOUNT
+       fi
  }
  
  # Function to flush the firewall chains.
author	Stefan Schantl <stefan.schantl@ipfire.org>
	Sun, 19 May 2019 16:52:23 +0000 (18:52 +0200)
committer	Arne Fitzenreiter <arne_f@ipfire.org>
	Mon, 20 May 2019 05:09:25 +0000 (07:09 +0200)