From 8dbb5de55dbb420fc3bffe3468ade46df11027eb Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Wed, 14 Aug 2019 12:09:03 -0400
Subject: [PATCH 1/2] Preliminary fix for packet capture loss

Interface offloading was not being turned off during setup
---
 install_scripts/disable-checksum-offload.sh |  9 +++++++++
 so-setup-network.sh                         | 11 ++++++++---
 2 files changed, 17 insertions(+), 3 deletions(-)
 create mode 100644 install_scripts/disable-checksum-offload.sh

diff --git a/install_scripts/disable-checksum-offload.sh b/install_scripts/disable-checksum-offload.sh
new file mode 100644
index 000000000..0af7bdbf9
--- /dev/null
+++ b/install_scripts/disable-checksum-offload.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if [ "$NM_DISPATCHER_ACTION" == "pre-up" ]; then
+    if ["$DEVICE_IFACE" !== "$MAININT"]; then
+        for i in rx tx sg tso ufo gso gro lro; do 
+            ethtool -K $DEVICE_IFACE $i off; 
+        done
+    fii
+fi
\ No newline at end of file
diff --git a/so-setup-network.sh b/so-setup-network.sh
index 24a1ddf5b..a12259011 100644
--- a/so-setup-network.sh
+++ b/so-setup-network.sh
@@ -246,15 +246,15 @@ copy_ssh_key() {
 
 }
 
-create_bond_nmcli() {
+network_setup() {
   echo "Setting up Bond" >> $SETUPLOG 2>&1
 
   # Set the MTU
-  if [ $NSMSETUP != 'ADVANCED' ]; then
+  if [ "$NSMSETUP" != 'ADVANCED' ]; then
     MTU=1500
   fi
 
-# Create the bond interface
+  # Create the bond interface
     nmcli con add ifname bond0 con-name "bond0" type bond mode 0 -- \
       ipv4.method disabled \
       ipv6.method link-local \
@@ -271,6 +271,11 @@ create_bond_nmcli() {
       # Bring the slave interface up
       nmcli con up bond0-slave-$BONDNIC >> $SETUPLOG 2>&1
     done
+  
+  sed -i "s/\$MAININT/${MAININT}/g" ./install_scripts/disable-checksum-offload.sh >> $SETUPLOG 2>&1
+
+  # Copy the checksum offload script to prevent issues with packet capture
+  cp ./install_scripts/disable-checksum-offload.sh /etc/NetworkManager/dispatcher.d/disable-checksum-offload.sh  >> $SETUPLOG 2>&1
 }
 
 detect_os() {

From 75ab90d5e8b58ce4714fe0b113bedec1c2d33e92 Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Wed, 14 Aug 2019 12:24:23 -0400
Subject: [PATCH 2/2] Further fixes for network offloading

---
 install_scripts/disable-checksum-offload.sh |  2 +-
 so-setup-network.sh                         | 39 +++++++++++----------
 2 files changed, 22 insertions(+), 19 deletions(-)

diff --git a/install_scripts/disable-checksum-offload.sh b/install_scripts/disable-checksum-offload.sh
index 0af7bdbf9..9cc0b5d5b 100644
--- a/install_scripts/disable-checksum-offload.sh
+++ b/install_scripts/disable-checksum-offload.sh
@@ -5,5 +5,5 @@ if [ "$NM_DISPATCHER_ACTION" == "pre-up" ]; then
         for i in rx tx sg tso ufo gso gro lro; do 
             ethtool -K $DEVICE_IFACE $i off; 
         done
-    fii
+    fi
 fi
\ No newline at end of file
diff --git a/so-setup-network.sh b/so-setup-network.sh
index a12259011..13906311d 100644
--- a/so-setup-network.sh
+++ b/so-setup-network.sh
@@ -255,25 +255,28 @@ network_setup() {
   fi
 
   # Create the bond interface
-    nmcli con add ifname bond0 con-name "bond0" type bond mode 0 -- \
-      ipv4.method disabled \
-      ipv6.method link-local \
-      ethernet.mtu $MTU \
-      connection.autoconnect "yes" >> $SETUPLOG 2>&1
+  nmcli con add ifname bond0 con-name "bond0" type bond mode 0 -- \
+    ipv4.method disabled \
+    ipv6.method link-local \
+    ethernet.mtu $MTU \
+    connection.autoconnect "yes" >> $SETUPLOG 2>&1
 
-    for BNIC in ${BNICS[@]}; do
-      # Strip the quotes from the NIC names
-      BONDNIC="$(echo -e "${BNIC}" | tr -d '"')"
-      # Create the slave interface and assign it to the bond
-      nmcli con add type ethernet ifname $BONDNIC con-name "bond0-slave-$BONDNIC" master bond0 -- \
-      ethernet.mtu $MTU \
-      connection.autoconnect "yes" >> $SETUPLOG 2>&1
-      # Bring the slave interface up
-      nmcli con up bond0-slave-$BONDNIC >> $SETUPLOG 2>&1
+  for BNIC in ${BNICS[@]}; do
+    # Strip the quotes from the NIC names
+    BONDNIC="$(echo -e "${BNIC}" | tr -d '"')"
+      # Turn off various offloading settings for the interface
+    for i in rx tx sg tso ufo gso gro lro; do 
+          ethtool -K $BONDNIC $i off >> $SETUPLOG 2>&1
     done
-  
+    # Create the slave interface and assign it to the bond
+    nmcli con add type ethernet ifname $BONDNIC con-name "bond0-slave-$BONDNIC" master bond0 -- \
+    ethernet.mtu $MTU \
+    connection.autoconnect "yes" >> $SETUPLOG 2>&1
+    # Bring the slave interface up
+    nmcli con up bond0-slave-$BONDNIC >> $SETUPLOG 2>&1
+  done
+  # Replace the variable string in the network script
   sed -i "s/\$MAININT/${MAININT}/g" ./install_scripts/disable-checksum-offload.sh >> $SETUPLOG 2>&1
-
   # Copy the checksum offload script to prevent issues with packet capture
   cp ./install_scripts/disable-checksum-offload.sh /etc/NetworkManager/dispatcher.d/disable-checksum-offload.sh  >> $SETUPLOG 2>&1
 }
@@ -1688,7 +1691,7 @@ if (whiptail_you_sure); then
       echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
       set_initial_firewall_policy >> $SETUPLOG 2>&1
       echo -e "XXX\n3\nCreating Bond Interface... \nXXX"
-      create_bond_nmcli >> $SETUPLOG 2>&1
+      network_setup >> $SETUPLOG 2>&1
       echo -e "XXX\n4\nGenerating Sensor Pillar... \nXXX"
       sensor_pillar >> $SETUPLOG 2>&1
       echo -e "XXX\n5\nInstalling Salt Components... \nXXX"
@@ -1778,7 +1781,7 @@ if (whiptail_you_sure); then
     {
       sleep 0.5
       echo -e "XXX\n0\nCreating Bond Interface... \nXXX"
-      create_bond_nmcli >> $SETUPLOG 2>&1
+      network_setup >> $SETUPLOG 2>&1
       echo -e "XXX\n1\nInstalling saltstack... \nXXX"
       saltify >> $SETUPLOG 2>&1
       echo -e "XXX\n3\nInstalling docker... \nXXX"