CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10899 from Security-Onion-Solutions/offload

Browse Source 
Fix Offload
This commit is contained in:
Mike Reeves
2023-08-01 10:32:53 -04:00
committed by GitHub
parent f27ebc47c1 f35f42c83d
commit 82b335ed04
4 changed files with 35 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
salt/common/tools/sbin/so-common
View File

@@ -225,12 +225,15 @@ init_monitor() {
if [[ $MONITORNIC == "bond0" ]]; then if [[ $MONITORNIC == "bond0" ]]; then
BIFACES=$(lookup_bond_interfaces) BIFACES=$(lookup_bond_interfaces)
for i in rx tx sg tso ufo gso gro lro rx-vlan-offload tx-vlan-offload generic-receive-offload generic-segmentation-offload tcp-segmentation-offload; do
ethtool -K "$MONITORNIC" "$i" off;
done
else else
BIFACES=$MONITORNIC BIFACES=$MONITORNIC
fi fi
for DEVICE_IFACE in $BIFACES; do for DEVICE_IFACE in $BIFACES; do
for i in rx tx sg tso ufo gso gro lro; do for i in rx tx sg tso ufo gso gro lro rx-vlan-offload tx-vlan-offload generic-receive-offload generic-segmentation-offload tcp-segmentation-offload; do
ethtool -K "$DEVICE_IFACE" "$i" off; ethtool -K "$DEVICE_IFACE" "$i" off;
done done
ip link set dev "$DEVICE_IFACE" arp off multicast off allmulticast off promisc on ip link set dev "$DEVICE_IFACE" arp off multicast off allmulticast off promisc on

14
salt/sensor/files/99-so-checksum-offload-disable Executable file
View File

@@ -0,0 +1,14 @@
#!/bin/bash
#
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
{% set MNIC = salt['pillar.get']('sensor:interface') %}
init_monitor {{ MNIC }}

12
salt/sensor/init.sls Normal file
View File

@@ -0,0 +1,12 @@
offload_script:
file.managed:
- name: /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable
- source: salt://sensor/files/99-so-checksum-offload-disable
- mode: 755
- template: jinja
execute_checksum:
cmd.run:
- name: /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable
- onchanges:
- file: offload_script

5
salt/top.sls
View File

@@ -36,6 +36,7 @@ base:
'*_sensor and G@saltversion:{{saltversion}}': '*_sensor and G@saltversion:{{saltversion}}':
- match: compound - match: compound
- sensor
- ssl - ssl
- sensoroni - sensoroni
- telegraf - telegraf
@@ -52,6 +53,7 @@ base:
'*_eval and G@saltversion:{{saltversion}}': '*_eval and G@saltversion:{{saltversion}}':
- match: compound - match: compound
- salt.master - salt.master
- sensor
- ca - ca
- ssl - ssl
- registry - registry
@@ -118,6 +120,7 @@ base:
'*_standalone and G@saltversion:{{saltversion}}': '*_standalone and G@saltversion:{{saltversion}}':
- match: compound - match: compound
- salt.master - salt.master
- sensor
- ca - ca
- ssl - ssl
- registry - registry
@@ -196,6 +199,7 @@ base:
'*_heavynode and G@saltversion:{{saltversion}}': '*_heavynode and G@saltversion:{{saltversion}}':
- match: compound - match: compound
- sensor
- ssl - ssl
- sensoroni - sensoroni
- nginx - nginx
@@ -216,6 +220,7 @@ base:
'*_import and G@saltversion:{{saltversion}}': '*_import and G@saltversion:{{saltversion}}':
- match: compound - match: compound
- salt.master - salt.master
- sensor
- ca - ca
- ssl - ssl
- registry - registry