diff mbox series

[1/9] suricata: Set most significant bit as repeat marker

Message ID	20211018101022.15448-1-michael.tremer@ipfire.org
State	Accepted
Commit	761fadbdde805c8863a1f2a736408367a38f94da
Headers	From: Michael Tremer <michael.tremer@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH 1/9] suricata: Set most significant bit as repeat marker Date: Mon, 18 Oct 2021 10:10:14 +0000 Message-Id: <20211018101022.15448-1-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Cc: Michael Tremer <michael.tremer@ipfire.org> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>
Series	[1/9] suricata: Set most significant bit as repeat marker \| [1/9] suricata: Set most significant bit as repeat marker [2/9] suricata: Rename MARK/MASK to REPEAT_MARK/REPEAT_MASK [3/9] suricata: Define bypass mark [4/9] suricata: Enable bypassing unhandled streams [5/9] suricata: Always append rules instead of inserting them [6/9] suricata: Add rule to skip IPS if a packet has the bypass bit set [7/9] suricata: Store bypass flag in connmark and restore [8/9] suricata: Introduce IPSBYPASS chain [9/9] firewall: Keep REPEAT bit when saving rest to CONNMARK

Commit Message

Michael Tremer Oct. 18, 2021, 10:10 a.m. UTC

  I have no idea why some odd value was chosen here, but one bit should be
enough.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/suricata/suricata.yaml   | 4 ++--
 src/initscripts/system/suricata | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

Comments

Peter Müller Oct. 18, 2021, 8:42 p.m. UTC | #1

Reviewed-by: Peter Müller <peter.mueller@ipfire.org>

> I have no idea why some odd value was chosen here, but one bit should be
> enough.
> 
> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
> ---
>  config/suricata/suricata.yaml   | 4 ++--
>  src/initscripts/system/suricata | 4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
> index 4e9e39967..1ce013dc7 100644
> --- a/config/suricata/suricata.yaml
> +++ b/config/suricata/suricata.yaml
> @@ -346,8 +346,8 @@ logging:
>  
>  nfq:
>     mode: repeat
> -   repeat-mark: 1879048192
> -   repeat-mask: 1879048192
> +   repeat-mark: 2147483648
> +   repeat-mask: 2147483648
>  #   bypass-mark: 1
>  #   bypass-mask: 1
>  #  route-queue: 2
> diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata
> index 33633ddf9..e327225d7 100644
> --- a/src/initscripts/system/suricata
> +++ b/src/initscripts/system/suricata
> @@ -35,8 +35,8 @@ network_zones=( red green blue orange ovpn )
>  enabled_ips_zones=()
>  
>  # Mark and Mask options.
> -MARK="0x70000000"
> -MASK="0x70000000"
> +MARK="0x80000000"
> +MASK="0x80000000"
>  
>  # PID file of suricata.
>  PID_FILE="/var/run/suricata.pid"
>

Stefan Schantl Oct. 19, 2021, 4:02 a.m. UTC | #2

Tested-by: Stefan Schantl <stefan.schantl@ipfire.org>
> I have no idea why some odd value was chosen here, but one bit should
> be
> enough.
> 
> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
> ---
>  config/suricata/suricata.yaml   | 4 ++--
>  src/initscripts/system/suricata | 4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/config/suricata/suricata.yaml
> b/config/suricata/suricata.yaml
> index 4e9e39967..1ce013dc7 100644
> --- a/config/suricata/suricata.yaml
> +++ b/config/suricata/suricata.yaml
> @@ -346,8 +346,8 @@ logging:
>  
>  nfq:
>     mode: repeat
> -   repeat-mark: 1879048192
> -   repeat-mask: 1879048192
> +   repeat-mark: 2147483648
> +   repeat-mask: 2147483648
>  #   bypass-mark: 1
>  #   bypass-mask: 1
>  #  route-queue: 2
> diff --git a/src/initscripts/system/suricata
> b/src/initscripts/system/suricata
> index 33633ddf9..e327225d7 100644
> --- a/src/initscripts/system/suricata
> +++ b/src/initscripts/system/suricata
> @@ -35,8 +35,8 @@ network_zones=( red green blue orange ovpn )
>  enabled_ips_zones=()
>  
>  # Mark and Mask options.
> -MARK="0x70000000"
> -MASK="0x70000000"
> +MARK="0x80000000"
> +MASK="0x80000000"
>  
>  # PID file of suricata.
>  PID_FILE="/var/run/suricata.pid"

diff mbox series

Patch

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 4e9e39967..1ce013dc7 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -346,8 +346,8 @@  logging:
 
 nfq:
    mode: repeat
-   repeat-mark: 1879048192
-   repeat-mask: 1879048192
+   repeat-mark: 2147483648
+   repeat-mask: 2147483648
 #   bypass-mark: 1
 #   bypass-mask: 1
 #  route-queue: 2
diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata
index 33633ddf9..e327225d7 100644
--- a/src/initscripts/system/suricata
+++ b/src/initscripts/system/suricata
@@ -35,8 +35,8 @@  network_zones=( red green blue orange ovpn )
 enabled_ips_zones=()
 
 # Mark and Mask options.
-MARK="0x70000000"
-MASK="0x70000000"
+MARK="0x80000000"
+MASK="0x80000000"
 
 # PID file of suricata.
 PID_FILE="/var/run/suricata.pid"