Allow to disable cksum checking pf(4) does this already

author: Ermal <eri@pfsense.org> 2012-07-12 07:53:33 +0000
committer: Ermal <eri@pfsense.org> 2012-07-12 07:53:33 +0000
commit: 1efdf15caddd3a8fa26fd4ea0a9634e04a1a2e8a (patch)
tree: c6caf776be70f1ff2dcf7b31e533897120c035fa /config/snort/snort.inc
parent: 06e36f418ba5e4f449d9fb6f213cadb9b4b91bbe (diff)
download: pfsense-packages-1efdf15caddd3a8fa26fd4ea0a9634e04a1a2e8a.tar.gz
pfsense-packages-1efdf15caddd3a8fa26fd4ea0a9634e04a1a2e8a.tar.bz2
pfsense-packages-1efdf15caddd3a8fa26fd4ea0a9634e04a1a2e8a.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index cf05be67..d9dec153 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1292,6 +1292,10 @@ EOD;
 		}
 	}
 
+	$cksumcheck = "all";
+	if ($snortcfg['cksumcheck'] == 'on')
+		$cksumcheck = "none";
+
 	/* build snort configuration file */
 	$snort_conf_text = <<<EOD
 
@@ -1313,7 +1317,7 @@ var PREPROC_RULE_PATH {$snortdir}/preproc_rules
 {$portvardef}
 
 # Configure the snort decoder  #
-config checksum_mode: all
+config checksum_mode: {$cksumcheck}
 config disable_decode_alerts
 config disable_tcpopt_experimental_alerts
 config disable_tcpopt_obsolete_alerts
author	Ermal <eri@pfsense.org>	2012-07-12 07:53:33 +0000
committer	Ermal <eri@pfsense.org>	2012-07-12 07:53:33 +0000
commit	1efdf15caddd3a8fa26fd4ea0a9634e04a1a2e8a (patch)
tree	c6caf776be70f1ff2dcf7b31e533897120c035fa /config/snort/snort.inc
parent	06e36f418ba5e4f449d9fb6f213cadb9b4b91bbe (diff)
download	pfsense-packages-1efdf15caddd3a8fa26fd4ea0a9634e04a1a2e8a.tar.gz pfsense-packages-1efdf15caddd3a8fa26fd4ea0a9634e04a1a2e8a.tar.bz2 pfsense-packages-1efdf15caddd3a8fa26fd4ea0a9634e04a1a2e8a.zip