From 26b0daf2dadc3a29d89bac0fc337fc917b963118 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Wed, 1 Jul 2020 17:42:51 +0000 Subject: [PATCH] Add other setup-related items for EC2 interface --- setup/so-functions | 55 +++++++++++++++++++++++++++++++++++++++++----- setup/so-setup | 17 ++++++++++---- 2 files changed, 63 insertions(+), 9 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 1359ad66d..efccdedd5 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -498,6 +498,7 @@ create_local_directories() { create_sensor_bond() { echo "Setting up sensor bond" >> "$setup_log" 2>&1 + INTERFACE="bond0" local nic_error=0 check_network_manager_conf >> "$setup_log" 2>&1 @@ -1317,7 +1318,7 @@ sensor_pillar() { # Create the sensor pillar printf '%s\n'\ "sensor:"\ - " interface: bond0"\ + " interface: $INTERFACE"\ " mainip: $MAINIP"\ " mainint: $MNIC" >> "$pillar_file" @@ -1428,13 +1429,13 @@ set_initial_firewall_policy() { $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost search_node "$MAINIP" case "$install_type" in 'EVAL') - $default_salt_dir/pillar/data/addtotab.sh evaltab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0 True + $default_salt_dir/pillar/data/addtotab.sh evaltab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" $INTERFACE True ;; 'MASTERSEARCH') $default_salt_dir/pillar/data/addtotab.sh mastersearchtab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" ;; 'STANDALONE') - $default_salt_dir/pillar/data/addtotab.sh standalonetab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0 + $default_salt_dir/pillar/data/addtotab.sh standalonetab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" $INTERFACE ;; esac ;; 
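Review bot: `$INTERFACE` is the only unquoted argument in the `addtotab.sh` calls for EVAL and STANDALONE, and the same holds for the `sensorstab` calls in the SENSOR and HEAVYNODE hunks that follow. On the EC2 path the value is no longer the constant `bond0` but whatever `create_ec2_sniffing` assigned, and if it is ever empty the argument disappears and, in the `evaltab` call, `True` moves into the interface position. Write `"$INTERFACE"` to match the neighbouring arguments. In the `ssh ... sudo` calls the remote shell parses the command line a second time, so local quoting alone does not protect it; the name should also be checked against an interface-name pattern before it is sent to the master. set_initial_firewall_policy starts and ends outside these hunks.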
@@ -1448,7 +1449,7 @@ set_initial_firewall_policy() { case "$install_type" in 'SENSOR') ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost sensor "$MAINIP" - ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0 + ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" $INTERFACE ;; 'SEARCHNODE') ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost search_node "$MAINIP" @@ -1457,7 +1458,7 @@ set_initial_firewall_policy() { 'HEAVYNODE') ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall includehost sensor "$MAINIP" ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost search_node "$MAINIP" - ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0 + ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" $INTERFACE ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" ;; 'FLEET') 
@@ -1620,3 +1621,47 @@ es_heapsize() { export NODE_ES_HEAP_SIZE fi } + +is_ec2() { + # Check if EC2 + if curl --fail -s -m 5 http://169.254.169.254/latest/meta-data/instance-id > /dev/null;then + is_ec2=1 + else + is_ec2=0 + fi +} + +create_ec2_sniffing() { + echo "Setting up sensor sniffing interface" >> "$setup_log" 2>&1 + + local nic_error=0 + + check_network_manager_conf >> "$setup_log" 2>&1 + + # Set the MTU + if [[ $NSMSETUP != 'ADVANCED' ]]; then + MTU=1575 + fi + + for BNIC in "${BNICS[@]}"; do + # Check if specific offload features are able to be disabled + for string in "generic-segmentation-offload" "generic-receive-offload" "tcp-segmentation-offload"; do + if ethtool -k "$BNIC" | grep $string | grep -q "on [fixed]"; then + echo "The hardware or driver for interface ${BNIC} is not supported, packet capture may not work as expected." >> "$setup_log" 2>&1 + nic_error=1 + break + fi + done + + # Turn off various offloading settings for the interface + for i in rx tx sg tso ufo gso gro lro; do + ethtool -K "$BNIC" $i off >> "$setup_log" 2>&1 + done + done + + INTERFACE=$BNIC + + if [ $nic_error != 0 ]; then + return 1 + fi +} diff --git a/setup/so-setup b/setup/so-setup index a5b57f13d..69b9c3c32 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -100,6 +100,8 @@ got_root detect_os +is_ec2 + if [ "$OS" == ubuntu ]; then update-alternatives --set newt-palette /etc/newt/palette.original >> $setup_log 2>&1 fi @@ -225,7 +227,11 @@ fi # Start user prompts if [[ $is_helix || $is_sensor ]]; then - whiptail_bond_nics + if [ $is_ec2 -eq 1 ]; then + whiptail_ec2_nic + else + whiptail_bond_nics + fi calculate_useable_cores fi 
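Review bot: The probe in `is_ec2` is a token-less IMDSv1 GET, so an instance configured to require IMDSv2 session tokens answers 401, `--fail` turns that into a non-zero exit, and setup takes the bond path even though it is running on EC2; requesting a token first and falling back to the plain GET covers both modes, as sketched below. Any non-AWS network that answers on 169.254.169.254 also yields `is_ec2=1`, so the result is a convenience hint and not a trustworthy platform check. Separately, in `create_ec2_sniffing` the pattern in `grep -q "on [fixed]"` is parsed as a bracket expression and cannot match the literal text, so the unsupported-NIC warning never fires; `grep -F -- "$string" | grep -qF "on [fixed]"` matches it literally. `INTERFACE=$BNIC` after the loop keeps only the last entry of `BNICS` and is left empty when the array is.

```shell
is_ec2() {
  # Check if EC2: try IMDSv2 (session token) first, then fall back to IMDSv1.
  # Off EC2 both requests time out, so this can take up to twice the -m value.
  local imds="http://169.254.169.254/latest"
  local token
  is_ec2=0
  token=$(curl --fail -s -m 5 -X PUT \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60" "$imds/api/token") || token=""
  if [[ -n "$token" ]]; then
    if curl --fail -s -m 5 -H "X-aws-ec2-metadata-token: $token" \
      "$imds/meta-data/instance-id" > /dev/null; then
      is_ec2=1
    fi
  elif curl --fail -s -m 5 "$imds/meta-data/instance-id" > /dev/null; then
    is_ec2=1
  fi
}
```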
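Review bot: `whiptail_ec2_nic` is called in the new EC2 branch but is not defined in either file this patch touches, and the diffstat lists only `setup/so-functions` and `setup/so-setup`. It presumably arrives in a separate commit; if it does not, the call fails with "command not found", `BNICS` is never populated, and `create_ec2_sniffing` later runs over an empty array. The test `[ $is_ec2 -eq 1 ]` is also unquoted; `[ "$is_ec2" -eq 1 ]` avoids a "unary operator expected" error if the variable is ever unset.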
@@ -373,9 +379,12 @@ fi update_packages >> $setup_log 2>&1 if [[ $is_sensor || $is_helix ]]; then - set_progress_str 3 'Creating bond interface' - create_sensor_bond >> $setup_log 2>&1 - + set_progress_str 3 'Creating bond/sniffing interface' + if [ $is_ec2 -eq 1 ]; then + create_ec2_sniffing >> $setup_log 2>&1 + else + create_sensor_bond >> $setup_log 2>&1 + fi set_progress_str 4 'Generating sensor pillar' sensor_pillar >> $setup_log 2>&1 fi
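Review bot: The exit status of `create_ec2_sniffing` is dropped at this call, so the `return 1` it issues for an unsupported NIC has no effect and setup goes on to `sensor_pillar` with that interface. The existing `create_sensor_bond` call behaves the same way, so this may be intentional. If it is, say so next to the call, for example `# NIC offload problems are logged only; setup continues`; otherwise surface the failure to the operator instead of only writing it to the log. `$setup_log` is unquoted on both calls, whereas `so-functions` writes `"$setup_log"`.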