add additional suricata af-packet config items

salt/suricata/defaults.yaml

@@ -33,6 +33,13 @@ suricata:
       threads: 1
       tpacket-v3: "yes"
       ring-size: 5000
+      mmap-locked: "yes"
+      block-size: 32768
+      block-timeout: 10
+      use-emergency-flush: "yes"
+      buffer-size: 32768
+      disable-promisc: "no"
+      checksum-checks: kernel
     vars:
       address-groups:
         HOME_NET:

salt/suricata/map.jinja

@@ -37,6 +37,13 @@
   threads: {{ SURICATAMERGED.config['af-packet'].threads }}
   tpacket-v3: {{ SURICATAMERGED.config['af-packet']['tpacket-v3'] }}
   ring-size: {{ SURICATAMERGED.config['af-packet']['ring-size'] }}
+  mmap-locked: {{ SURICATAMERGED.config['af-packet']['mmap-locked'] }}
+  block-size: {{ SURICATAMERGED.config['af-packet']['block-size'] }}
+  block-timeout: {{ SURICATAMERGED.config['af-packet']['block-timeout'] }}
+  use-emergency-flush: {{ SURICATAMERGED.config['af-packet']['use-emergency-flush'] }}
+  buffer-size: {{ SURICATAMERGED.config['af-packet']['buffer-size'] }}
+  disable-promisc: {{ SURICATAMERGED.config['af-packet']['disable-promisc'] }}
+  checksum-checks: {{ SURICATAMERGED.config['af-packet']['checksum-checks'] }}
 {% endload %}
 {% do SURICATAMERGED.config.pop('af-packet') %}
 {% do SURICATAMERGED.config.update({'af-packet': afpacket}) %}

salt/suricata/soc_suricata.yaml

@@ -94,6 +94,41 @@ suricata:
         description: Buffer size for packets per thread.
         forcedType: int
         helpLink: suricata.html
+      mmap-locked:
+        description: Prevent swapping by locking the memory map.
+        advanced: True
+        regex: ^(yes|no)$
+        helpLink: suricata.html
+      block-size:
+        description: This must be configured to a sufficiently high value to accommodate a significant number of packets, considering byte size and MTU constraints. Ensure it aligns with a power of 2 and is a multiple of the page size.
+        advanced: True
+        forcedType: int
+        helpLink: suricata.html
+      block-timeout:
+        description: If a block remains unfilled after the specified block-timeout milliseconds, it is passed to userspace.
+        advanced: True
+        forcedType: int
+        helpLink: suricata.html
+      use-emergency-flush:
+        description: In high-traffic environments, enabling this option to 'yes' aids in recovering from packet drop occurrences. However, it may lead to some packets, possibly at max ring flush, not being inspected.
+        advanced: True
+        regex: ^(yes|no)$
+        helpLink: suricata.html
+      buffer-size:
+        description: Increasing the value of the receive buffer may improve performance.
+        advanced: True
+        forcedType: int
+        helpLink: suricata.html
+      disable-promisc:
+        description: Promiscuous mode can be disabled by setting this to "yes".
+        advanced: True
+        regex: ^(yes|no)$
+        helpLink: suricata.html
+      checksum-checks:
+        description: "Opt for the checksum verification mode suitable for the interface. During capture, it's possible that some packets may exhibit invalid checksums due to the network card handling the checksum computation. You have several options: 'kernel': Relies on indications sent by the kernel for each packet (default). 'yes': Enforces checksum validation. 'no': Disables checksum validation. 'auto': Suricata employs a statistical approach to detect checksum offloading."
+        advanced: True
+        regex: ^(kernel|yes|no|auto)$
+        helpLink: suricata.html
     threading:
       set-cpu-affinity:
         description: Bind(yes) or unbind(no) management and worker threads to a core or range of cores.