af-packet: optimize BPF

This patch turn on code optimization on BPF filter building by
libpcap. This allow to reduce the size of the BPF bytecode and
thus increase the size of BPF filter supported by Suricata.

Reported-by: Martijn van Oosterhout

diff --git a/src/source-af-packet.c b/src/source-af-packet.c
index 5b13ae34c408f22ad98aff1c94dcdaedf240cd97..791a51025dc1a59a602a08bca276c5ba5393589d 100644 (file)
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@@ -2085,7 +2085,7 @@ TmEcode AFPSetBPFFilter(AFPThreadVars *ptv)
                 ptv->datalink,    /* linktype_arg */
                 &filter,       /* program */
                 ptv->bpf_filter, /* const char *buf */
-                0,             /* optimize */
+                1,             /* optimize */
                 0              /* mask */
                 ) == -1) {
         SCLogError(SC_ERR_AFP_CREATE, "Filter compilation failed.");