From 30a469ea63b6445afb68f00611b50b73258dbf69 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Wed, 14 Sep 2022 14:36:13 -0400
Subject: [PATCH] Update afpacket.map.jinja

---
 salt/suricata/afpacket.map.jinja | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/salt/suricata/afpacket.map.jinja b/salt/suricata/afpacket.map.jinja
index a6c390abb..2c575c456 100644
--- a/salt/suricata/afpacket.map.jinja
+++ b/salt/suricata/afpacket.map.jinja
@@ -1,15 +1,14 @@
+{% import_yaml 'suricata/defaults.yaml' as suricata_defaults with context %}
+{% set suricata_pillar = pillar.suricata %}
+{% set surimerge = salt['defaults.merge'](suricata_defaults, suricata_pillar, in_place=False)
 {% load_yaml as afpacket %}
 af-packet:
-  - interface: {{ salt['pillar.get']('sensor:interface', 'bond0') }}
-    cluster-id: 59
-    cluster-type: cluster_flow
-    defrag: yes
-    use-mmap: yes
-    threads: {{ salt['pillar.get']('sensor:suriprocs', salt['pillar.get']('sensor:suripins') | length) }}
-    tpacket-v3: yes
-    ring-size: {{ salt['pillar.get']('sensor:suriringsize', '5000') }}
-  - interface: default
-    #threads: auto
-    #use-mmap: no
-    #tpacket-v3: yes
+  - interface: {{ surimerge.suricata.config.af-packet.interface }}
+    cluster-id: {{ surimerge.suricata.config.af-packet.cluster-id }}
+    cluster-type: {{ surimerge.suricata.config.af-packet.cluster-type }}
+    defrag: {{ surimerge.suricata.config.af-packet.defrag }}
+    use-mmap: {{ surimerge.suricata.config.af-packet.use-mmap }}
+    threads: {{ surimerge.suricata.config.af-packet.threads }}
+    tpacket-v3: {{ surimerge.suricata.config.af-packet.tpacket-v3 }}
+    ring-size: {{ surimerge.suricata.config.af-packet.ring-size }}
 {% endload %}