From 0bd0c7b1ec09b86b460cf16d24b5d172bd9beaa4 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Wed, 24 Apr 2024 13:26:25 -0400
Subject: [PATCH] allow for mmap-locked to be configured

---
 salt/suricata/defaults.yaml     | 1 +
 salt/suricata/map.jinja         | 1 +
 salt/suricata/soc_suricata.yaml | 5 +++++
 3 files changed, 7 insertions(+)

diff --git a/salt/suricata/defaults.yaml b/salt/suricata/defaults.yaml
index 914c045b1..fa863473a 100644
--- a/salt/suricata/defaults.yaml
+++ b/salt/suricata/defaults.yaml
@@ -30,6 +30,7 @@ suricata:
       cluster-type: cluster_flow
       defrag: "yes"
       use-mmap: "yes"
+      mmap-locked: "yes"
       threads: 1
       tpacket-v3: "yes"
       ring-size: 5000
diff --git a/salt/suricata/map.jinja b/salt/suricata/map.jinja
index 2a3adf5f1..d9748acee 100644
--- a/salt/suricata/map.jinja
+++ b/salt/suricata/map.jinja
@@ -34,6 +34,7 @@
   cluster-type: {{ SURICATAMERGED.config['af-packet']['cluster-type'] }}
   defrag: "{{ SURICATAMERGED.config['af-packet'].defrag }}"
   use-mmap: "{{ SURICATAMERGED.config['af-packet']['use-mmap'] }}"
+  mmap-locked: {{ SURICATAMERGED.config['af-packet']['mmap-locked'] }}
   threads: {{ SURICATAMERGED.config['af-packet'].threads }}
   tpacket-v3: "{{ SURICATAMERGED.config['af-packet']['tpacket-v3'] }}"
   ring-size: {{ SURICATAMERGED.config['af-packet']['ring-size'] }}
diff --git a/salt/suricata/soc_suricata.yaml b/salt/suricata/soc_suricata.yaml
index b0a864329..a1847167c 100644
--- a/salt/suricata/soc_suricata.yaml
+++ b/salt/suricata/soc_suricata.yaml
@@ -83,6 +83,11 @@ suricata:
       use-mmap:
         advanced: True
         readonly: True
+      mmap-locked:
+        description: Prevent swapping by locking the memory map.
+        advanced: True
+        regex: ^(yes|no)$
+        helpLink: suricata.html
       threads:
         description: The amount of worker threads.
         helpLink: suricata.html