From: Victor Julien <victor@inliniac.net>
Date: Wed, 31 May 2017 07:55:33 +0000 (+0200)
Subject: doc: update multi-tentant for device feature
X-Git-Tag: suricata-4.1.0-rc2~158
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F3447%2Fhead;p=thirdparty%2Fsuricata.git

doc: update multi-tentant for device feature
---

diff --git a/doc/userguide/configuration/multi-tenant.rst b/doc/userguide/configuration/multi-tenant.rst
index 73abdae855..221b1ca492 100644
--- a/doc/userguide/configuration/multi-tenant.rst
+++ b/doc/userguide/configuration/multi-tenant.rst
@@ -17,7 +17,7 @@ Settings:
 
 * enabled: yes/no -> is multi-tenancy support enable
 * default: yes/no -> is the normal detect config a default 'fall back' tenant?
-* selector: direct (for unix socket pcap processing, see below) or vlan
+* selector: direct (for unix socket pcap processing, see below), vlan or device
 * loaders: number of 'loader' threads, for parallel tenant loading at startup
 * tenants: list of tenants
 
@@ -26,8 +26,8 @@ Settings:
 
 * mappings:
 
-  * vlan id
-  * tenant id: tenant to associate with the vlan id
+  * vlan id or device
+  * tenant id: tenant to associate with the vlan id / device
 
 ::
 
@@ -92,6 +92,46 @@ configuration:
 
       ...
 
+vlanid
+~~~~~~
+
+Assign tenants to vlan id's.
+
+Example of vlan mapping::
+
+    mappings:
+    - vlan-id: 1000
+      tenant-id: 1
+    - vlan-id: 2000
+      tenant-id: 2
+    - vlan-id: 1112
+      tenant-id: 3
+
+The mappings can also be modified over the unix socket, see below.
+
+Note: can only be used if 'vlan.use-for-tracking' is enabled.
+
+device
+~~~~~~
+
+Assign tenants to devices. A single tenant can be assigned to a device.
+Multiple devices can have the same tenant.
+
+Example of device mapping::
+
+    mappings:
+    - device: ens5f0
+      tenant-id: 1
+    - device: ens5f1
+      tenant-id: 3
+
+The mappings are static and cannot be modified over the unix socket.
+
+Note: Not currently supported for IPS.
+
+Note: support depends on a capture method using the 'livedev' API. Currently
+these are: pcap, AF_PACKET, PF_RING and Netmap.
+
 Unix Socket
 -----------