aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2014-04-30 21:02:11 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2014-04-30 21:02:11 -0400
commit7bb99d97c33021c4e4cacb0b8dd739be5933c61f (patch)
tree029965b7f7cec1024adf1ccdb4f9021b53732649 /config/suricata
parentae28f7ce8af377985864b8df5e24b5c98e387e71 (diff)
downloadpfsense-packages-7bb99d97c33021c4e4cacb0b8dd739be5933c61f.tar.gz
pfsense-packages-7bb99d97c33021c4e4cacb0b8dd739be5933c61f.tar.bz2
pfsense-packages-7bb99d97c33021c4e4cacb0b8dd739be5933c61f.zip
Allow disabling of 'Delayed Detect' feature when required.
Diffstat (limited to 'config/suricata')
-rw-r--r--config/suricata/suricata_generate_yaml.php5
-rw-r--r--config/suricata/suricata_interfaces_edit.php13
-rw-r--r--config/suricata/suricata_yaml_template.inc2
3 files changed, 18 insertions, 2 deletions
diff --git a/config/suricata/suricata_generate_yaml.php b/config/suricata/suricata_generate_yaml.php
index e4d2c153..3f9e307b 100644
--- a/config/suricata/suricata_generate_yaml.php
+++ b/config/suricata/suricata_generate_yaml.php
@@ -142,6 +142,11 @@ if (!empty($suricatacfg['inspect_recursion_limit']) || $suricatacfg['inspect_rec
else
$inspection_recursion_limit = "";
+if ($suricatacfg['delayed_detect'] == 'on')
+ $delayed_detect = "yes";
+else
+ $delayed_detect = "no";
+
// Add interface-specific blocking settings
if ($suricatacfg['blockoffenders'] == 'on')
$suri_blockoffenders = "yes";
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index 62c5eecb..f9319f92 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -222,6 +222,7 @@ if ($_POST["save"]) {
if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']);
if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']);
if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
+ if ($_POST['delayed_detect'] == "on") { $natent['delayed_detect'] = 'on'; }else{ $natent['delayed_detect'] = 'off'; }
if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']);
$if_real = get_real_interface($natent['interface']);
@@ -281,6 +282,7 @@ if ($_POST["save"]) {
$natent['reassembly_to_client_chunk'] = '2560';
$natent['enable_midstream_sessions'] = 'off';
$natent['enable_async_sessions'] = 'off';
+ $natent['delayed_detect'] = 'off';
$natent['asn1_max_frames'] = '256';
@@ -622,6 +624,14 @@ if ($savemsg) {
gettext("3000") . "</strong>."; ?><br/><br/><?php echo gettext("When set to 0 an internal default is used. When left blank there is no recursion limit.") ?></td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Delayed Detect"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="delayed_detect" id="delayed_detect" type="checkbox" value="on"
+ <?php if ($pconfig['delayed_detect'] == "on") echo " checked"; ?>/>
+ <?php echo gettext("Suricata will build list of signatures after packet capture threads have started. Default is ") .
+ "<strong>" . gettext("Not Checked") . "</strong>."; ?></td>
+ </tr>
+ <tr>
<td colspan="2" class="listtopic"><?php echo gettext("Networks " . "Suricata Should Inspect and Protect"); ?></td>
</tr>
<tr>
@@ -880,7 +890,8 @@ function enable_change(enable_change) {
document.iform.btnHomeNet.disabled=endis;
document.iform.btnPasslist.disabled=endis;
document.iform.btnSuppressList.disabled=endis;
-}
+} document.iform.delayed_detect.disabled=endis;
+
function wopen(url, name, w, h) {
// Fudge factors for window decoration space.
diff --git a/config/suricata/suricata_yaml_template.inc b/config/suricata/suricata_yaml_template.inc
index 4ced9059..c20ca8db 100644
--- a/config/suricata/suricata_yaml_template.inc
+++ b/config/suricata/suricata_yaml_template.inc
@@ -117,7 +117,7 @@ detect-engine:
- sgh-mpm-context: {$sgh_mpm_ctx}
- inspection-recursion-limit: {$inspection_recursion_limit}
- rule-reload: true
- - delayed-detect: yes
+ - delayed-detect: {$delayed_detect}
# Suricata is multi-threaded. Here the threading can be influenced.
threading: