From 7bb99d97c33021c4e4cacb0b8dd739be5933c61f Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Wed, 30 Apr 2014 21:02:11 -0400
Subject: Allow disabling of 'Delayed Detect' feature when required.
---
 config/suricata/suricata_generate_yaml.php | 5 +++++
 config/suricata/suricata_interfaces_edit.php | 13 ++++++++++++-
 config/suricata/suricata_yaml_template.inc | 2 +-
 3 files changed, 18 insertions(+), 2 deletions(-)
(limited to 'config/suricata')
diff --git a/config/suricata/suricata_generate_yaml.php b/config/suricata/suricata_generate_yaml.php
index e4d2c153..3f9e307b 100644
--- a/config/suricata/suricata_generate_yaml.php
+++ b/config/suricata/suricata_generate_yaml.php
@@ -142,6 +142,11 @@ if (!empty($suricatacfg['inspect_recursion_limit']) || $suricatacfg['inspect_rec
 else
 $inspection_recursion_limit = "";
+if ($suricatacfg['delayed_detect'] == 'on')
+ $delayed_detect = "yes";
+else
+ $delayed_detect = "no";
+
 // Add interface-specific blocking settings
 if ($suricatacfg['blockoffenders'] == 'on')
 $suri_blockoffenders = "yes";
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index 62c5eecb..f9319f92 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
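Review bot: In `suricata_generate_yaml.php` (hunk `@@ -142,6 +142,11 @@`), an interface saved before this option existed has no `delayed_detect` key, so it takes the `else` branch and is written out as `delayed-detect: no`, whereas the template emitted `yes` unconditionally before this commit. Every existing interface therefore changes detect-engine start-up behaviour on upgrade without anyone touching the setting. If that is intended, record it next to the branch with a comment such as `// A missing key (config saved before this option existed) is treated as off`; if not, keep the old behaviour for unset values with `if (!isset($suricatacfg['delayed_detect']) || $suricatacfg['delayed_detect'] == 'on')`. The hunk at `@@ -281,6 +282,7 @@` in `suricata_interfaces_edit.php` sets the same `'off'` value among what look like the defaults for a new interface, so the two places should agree on whichever default is chosen.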
@@ -222,6 +222,7 @@ if ($_POST["save"]) {
 if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']);
 if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']);
 if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
+ if ($_POST['delayed_detect'] == "on") { $natent['delayed_detect'] = 'on'; }else{ $natent['delayed_detect'] = 'off'; }
 if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']);
 $if_real = get_real_interface($natent['interface']);
@@ -281,6 +282,7 @@ if ($_POST["save"]) {
 $natent['reassembly_to_client_chunk'] = '2560';
 $natent['enable_midstream_sessions'] = 'off';
 $natent['enable_async_sessions'] = 'off';
+ $natent['delayed_detect'] = 'off';
 $natent['asn1_max_frames'] = '256';
@@ -621,6 +623,14 @@ if ($savemsg) { " . gettext("3000") . "."; ?>

+ + + + /> + " . gettext("Not Checked") . "."; ?> + @@ -880,7 +890,8 @@ function enable_change(enable_change) { document.iform.btnHomeNet.disabled=endis; document.iform.btnPasslist.disabled=endis; document.iform.btnSuppressList.disabled=endis; -} +} document.iform.delayed_detect.disabled=endis; + function wopen(url, name, w, h) { // Fudge factors for window decoration space. diff --git a/config/suricata/suricata_yaml_template.inc b/config/suricata/suricata_yaml_template.inc index 4ced9059..c20ca8db 100644 --- a/config/suricata/suricata_yaml_template.inc +++ b/config/suricata/suricata_yaml_template.inc @@ -117,7 +117,7 @@ detect-engine: - sgh-mpm-context: {$sgh_mpm_ctx} - inspection-recursion-limit: {$inspection_recursion_limit} - rule-reload: true - - delayed-detect: yes + - delayed-detect: {$delayed_detect} # Suricata is multi-threaded. Here the threading can be influenced. threading: -- cgit v1.2.3
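Review bot: In `suricata_interfaces_edit.php`, hunk `@@ -880,7 +890,8 @@`, the new statement `document.iform.delayed_detect.disabled=endis;` appears to sit after the closing `}` of `enable_change()` instead of inside it: the old `}` line is removed and the added line begins with `}` followed by the statement. If that reading of the collapsed hunk is right, the checkbox is never enabled or disabled together with the other controls, and the statement runs once at script load, where `endis` is presumably not defined. Put the assignment on its own line before the brace, i.e. `document.iform.delayed_detect.disabled=endis;` followed by `}`. The body of `enable_change()` starts outside the hunk, so how `endis` is declared should be confirmed there.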