From: Victor Julien Date: Thu, 22 Sep 2016 10:38:54 +0000 (+0200) Subject: offloading: make disabling offloading configurable X-Git-Tag: suricata-3.2beta1~311 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=da8f3c987b0071555e5df79397985f87b52d7b87;p=thirdparty%2Fsuricata.git offloading: make disabling offloading configurable Add a generic 'capture' section to the YAML: # general settings affecting packet capture capture: # disable NIC offloading. It's restored when Suricata exists. # Enabled by default #disable-offloading: false # # disable checksum validation. Same as setting '-k none' on the # commandline #checksum-validation: none --- diff --git a/src/suricata.c b/src/suricata.c index 66d94ff78b..1a395ce3b3 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -2201,6 +2201,25 @@ static int PostConfLoadedSetup(SCInstance *suri) #endif SpmTableSetup(); + int disable_offloading; + if (ConfGetBool("capture.disable-offloading", &disable_offloading) == 0) + disable_offloading = 1; + if (disable_offloading) { + LiveSetOffloadDisable(); + } else { + LiveSetOffloadWarn(); + } + + if (suri->checksum_validation == -1) { + char *cv = NULL; + if (ConfGet("capture.checksum-validation", &cv) == 1) { + if (strcmp(cv, "none") == 0) { + suri->checksum_validation = 0; + } else if (strcmp(cv, "all") == 0) { + suri->checksum_validation = 1; + } + } + } switch (suri->checksum_validation) { case 0: ConfSet("stream.checksum-validation", "0"); diff --git a/suricata.yaml.in b/suricata.yaml.in index f8be4b3d27..9faf1f623a 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -1446,6 +1446,16 @@ nflog: ## Advanced Capture Options ## +# general settings affecting packet capture +capture: + # disable NIC offloading. It's restored when Suricata exists. + # Enabled by default + #disable-offloading: false + # + # disable checksum validation. Same as setting '-k none' on the + # commandline + #checksum-validation: none + # Netmap support # # Netmap operates with NIC directly in driver, so you need FreeBSD wich have