suricata: Limit to a maximum of "16" netfilter queues.
Commit Message
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
src/initscripts/system/suricata | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
Comments
Thank you SO much for this! Cleared up all of my problems with high core
count firewalls.
Best regards,
Fred
-----Original Message-----
From: Stefan Schantl <stefan.schantl@ipfire.org>
Sent: 19 May, 2019 12:52
To: development@lists.ipfire.org
Subject: [PATCH] suricata: Limit to a maximum of "16" netfilter queues.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
src/initscripts/system/suricata | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/initscripts/system/suricata
b/src/initscripts/system/suricata index 38b6a40d8..5a567f2d7 100644
--- a/src/initscripts/system/suricata
+++ b/src/initscripts/system/suricata
@@ -6,7 +6,7 @@
#
# Author : Stefan Schantl <stefan.schantl@ipfire.org>
#
-# Version : 01.01
+# Version : 01.02
#
# Notes :
#
@@ -50,7 +50,13 @@ function get_cpu_count {
[ "$line" ] && [ -z "${line%processor*}" ] && ((CPUCOUNT++))
done </proc/cpuinfo
- echo $CPUCOUNT
+ # Limit to a maximum of 16 cores, because suricata does not
support more than
+ # 16 netfilter queues at the moment.
+ if [ $CPUCOUNT -gt "16" ]; then
+ echo "16"
+ else
+ echo $CPUCOUNT
+ fi
}
# Function to flush the firewall chains.
--
2.20.1
@@ -6,7 +6,7 @@
#
# Author : Stefan Schantl <stefan.schantl@ipfire.org>
#
-# Version : 01.01
+# Version : 01.02
#
# Notes :
#
@@ -50,7 +50,13 @@ function get_cpu_count {
[ "$line" ] && [ -z "${line%processor*}" ] && ((CPUCOUNT++))
done </proc/cpuinfo
- echo $CPUCOUNT
+ # Limit to a maximum of 16 cores, because suricata does not support more than
+ # 16 netfilter queues at the moment.
+ if [ $CPUCOUNT -gt "16" ]; then
+ echo "16"
+ else
+ echo $CPUCOUNT
+ fi
}
# Function to flush the firewall chains.