CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Further fixes for network offloading

Browse Source
This commit is contained in:
William Wernert
2019-08-14 12:24:23 -04:00
parent 8dbb5de55d
commit 75ab90d5e8
2 changed files with 22 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
install_scripts/disable-checksum-offload.sh
View File

@@ -5,5 +5,5 @@ if [ "$NM_DISPATCHER_ACTION" == "pre-up" ]; then
for i in rx tx sg tso ufo gso gro lro; do for i in rx tx sg tso ufo gso gro lro; do
ethtool -K $DEVICE_IFACE $i off; ethtool -K $DEVICE_IFACE $i off;
done done
fii fi
fi fi

39
so-setup-network.sh
View File

@@ -255,25 +255,28 @@ network_setup() {
fi fi
# Create the bond interface # Create the bond interface
nmcli con add ifname bond0 con-name "bond0" type bond mode 0 -- \ nmcli con add ifname bond0 con-name "bond0" type bond mode 0 -- \
ipv4.method disabled \ ipv4.method disabled \
ipv6.method link-local \ ipv6.method link-local \
ethernet.mtu $MTU \ ethernet.mtu $MTU \
connection.autoconnect "yes" >> $SETUPLOG 2>&1 connection.autoconnect "yes" >> $SETUPLOG 2>&1
for BNIC in ${BNICS[@]}; do for BNIC in ${BNICS[@]}; do
# Strip the quotes from the NIC names # Strip the quotes from the NIC names
BONDNIC="$(echo -e "${BNIC}" | tr -d '"')" BONDNIC="$(echo -e "${BNIC}" | tr -d '"')"
# Create the slave interface and assign it to the bond # Turn off various offloading settings for the interface
nmcli con add type ethernet ifname $BONDNIC con-name "bond0-slave-$BONDNIC" master bond0 -- \ for i in rx tx sg tso ufo gso gro lro; do
ethernet.mtu $MTU \ ethtool -K $BONDNIC $i off >> $SETUPLOG 2>&1
connection.autoconnect "yes" >> $SETUPLOG 2>&1
# Bring the slave interface up
nmcli con up bond0-slave-$BONDNIC >> $SETUPLOG 2>&1
done done
# Create the slave interface and assign it to the bond
nmcli con add type ethernet ifname $BONDNIC con-name "bond0-slave-$BONDNIC" master bond0 -- \
ethernet.mtu $MTU \
connection.autoconnect "yes" >> $SETUPLOG 2>&1
# Bring the slave interface up
nmcli con up bond0-slave-$BONDNIC >> $SETUPLOG 2>&1
done
# Replace the variable string in the network script
sed -i "s/\$MAININT/${MAININT}/g" ./install_scripts/disable-checksum-offload.sh >> $SETUPLOG 2>&1 sed -i "s/\$MAININT/${MAININT}/g" ./install_scripts/disable-checksum-offload.sh >> $SETUPLOG 2>&1
# Copy the checksum offload script to prevent issues with packet capture # Copy the checksum offload script to prevent issues with packet capture
cp ./install_scripts/disable-checksum-offload.sh /etc/NetworkManager/dispatcher.d/disable-checksum-offload.sh >> $SETUPLOG 2>&1 cp ./install_scripts/disable-checksum-offload.sh /etc/NetworkManager/dispatcher.d/disable-checksum-offload.sh >> $SETUPLOG 2>&1
} }
@@ -1688,7 +1691,7 @@ if (whiptail_you_sure); then
echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX" echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
set_initial_firewall_policy >> $SETUPLOG 2>&1 set_initial_firewall_policy >> $SETUPLOG 2>&1
echo -e "XXX\n3\nCreating Bond Interface... \nXXX" echo -e "XXX\n3\nCreating Bond Interface... \nXXX"
create_bond_nmcli >> $SETUPLOG 2>&1 network_setup >> $SETUPLOG 2>&1
echo -e "XXX\n4\nGenerating Sensor Pillar... \nXXX" echo -e "XXX\n4\nGenerating Sensor Pillar... \nXXX"
sensor_pillar >> $SETUPLOG 2>&1 sensor_pillar >> $SETUPLOG 2>&1
echo -e "XXX\n5\nInstalling Salt Components... \nXXX" echo -e "XXX\n5\nInstalling Salt Components... \nXXX"
@@ -1778,7 +1781,7 @@ if (whiptail_you_sure); then
{ {
sleep 0.5 sleep 0.5
echo -e "XXX\n0\nCreating Bond Interface... \nXXX" echo -e "XXX\n0\nCreating Bond Interface... \nXXX"
create_bond_nmcli >> $SETUPLOG 2>&1 network_setup >> $SETUPLOG 2>&1
echo -e "XXX\n1\nInstalling saltstack... \nXXX" echo -e "XXX\n1\nInstalling saltstack... \nXXX"
saltify >> $SETUPLOG 2>&1 saltify >> $SETUPLOG 2>&1
echo -e "XXX\n3\nInstalling docker... \nXXX" echo -e "XXX\n3\nInstalling docker... \nXXX"