From: Jason Ish <jason.ish@oisf.net>
Date: Wed, 12 Mar 2025 18:31:08 +0000 (-0600)
Subject: af-packet: check defrag value even if cluster-type not set
X-Git-Tag: suricata-7.0.9~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1dd4664714ff199f1eea10940503997362a086e8;p=thirdparty%2Fsuricata.git

af-packet: check defrag value even if cluster-type not set

If cluster-type was not set we default to "cluster_flow" with defrag
always on. Instead check for defrag value and disable defrag if disabled
by the user.

Ticket: #7458
(cherry picked from commit 25d0fba91274e8d26e804f278c281a5c9f5309e9)
---

diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c
index 742d96855b..87469dacd3 100644
--- a/src/runmode-af-packet.c
+++ b/src/runmode-af-packet.c
@@ -379,8 +379,19 @@ static void *ParseAFPConfig(const char *iface)
     }
 
     if (ConfGetChildValueWithDefault(if_root, if_default, "cluster-type", &tmpctype) != 1) {
-        /* default to our safest choice: flow hashing + defrag enabled */
-        aconf->cluster_type = PACKET_FANOUT_HASH | PACKET_FANOUT_FLAG_DEFRAG;
+        /* Default to our safest choice: flow hashing + defrag
+         * enabled, unless defrag has been disabled by the user. */
+        uint16_t defrag = PACKET_FANOUT_FLAG_DEFRAG;
+        int conf_val = 0;
+        SCLogConfig("%s: using flow cluster mode for AF_PACKET", aconf->iface);
+        if (ConfGetChildValueBoolWithDefault(if_root, if_default, "defrag", &conf_val)) {
+            if (!conf_val) {
+                SCLogConfig(
+                        "%s: disabling defrag kernel functionality for AF_PACKET", aconf->iface);
+                defrag = 0;
+            }
+        }
+        aconf->cluster_type = PACKET_FANOUT_HASH | defrag;
         cluster_type = PACKET_FANOUT_HASH;
     } else if (strcmp(tmpctype, "cluster_round_robin") == 0) {
         SCLogConfig("%s: using round-robin cluster mode for AF_PACKET", aconf->iface);