From: Eric Leblond
Date: Fri, 30 Jun 2017 13:00:40 +0000 (+0200)
Subject: af-packet: optimize BPF
X-Git-Tag: suricata-4.0.0~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc82ef065c8bf22352a62d4e9b578fafc936fc83;p=thirdparty%2Fsuricata.git

af-packet: optimize BPF

This patch turns on code optimization on BPF filter building by libpcap. This allows reducing the size of the BPF bytecode and thus increasing the size of BPF filter supported by Suricata.

Reported-by: Martijn van Oosterhout

--- diff --git a/src/source-af-packet.c b/src/source-af-packet.c index 5b13ae34c4..791a51025d 100644 --- a/src/source-af-packet.c +++ b/src/source-af-packet.c @@ -2085,7 +2085,7 @@ TmEcode AFPSetBPFFilter(AFPThreadVars *ptv) ptv->datalink, /* linktype_arg */ &filter, /* program */ ptv->bpf_filter, /* const char *buf */ - 0, /* optimize */ + 1, /* optimize */ 0 /* mask */ ) == -1) { SCLogError(SC_ERR_AFP_CREATE, "Filter compilation failed.");
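
Review bot: The optimize argument in the AFPSetBPFFilter call is now a hard-coded 1, so a filter that fails to compile with the optimizer on has no path back to the unoptimized build. Consider retrying with 0 when the call returns -1, or exposing the flag as a setting. The SCLogError text "Filter compilation failed." also gives the operator nothing to work with; including ptv->bpf_filter in the message would show which expression was rejected. A short comment beside "1, /* optimize */" stating that it is enabled to shrink the generated bytecode, as the commit message explains, would keep the reason visible in the code.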