Merge pull request #15723 from Security-Onion-Solutions/fix/suricata-bpf-transition

Fix/suricata bpf transition
update HOTFIX
2026-04-06 21:01:58 +02:00 · 2026-04-06 09:38:53 -04:00 · 2026-04-06 09:30:53 -04:00 · 2026-04-06 09:13:32 -04:00 · 2026-04-06 09:06:12 -04:00 · 2026-04-03 10:30:22 -04:00
3 changed files with 15 additions and 5 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-
+20260407
--- a/salt/suricata/config.sls
+++ b/salt/suricata/config.sls
@@ -10,7 +10,7 @@
 {%   from 'suricata/map.jinja' import SURICATAMERGED %}
 {%   from 'bpf/suricata.map.jinja' import SURICATABPF, SURICATA_BPF_STATUS, SURICATA_BPF_CALC %}

-{%   if GLOBALS.pcap_engine in ["SURICATA", "TRANSITION"] %}
+{%   if GLOBALS.pcap_engine == "SURICATA" %}
 {%     from 'bpf/pcap.map.jinja' import PCAPBPF, PCAP_BPF_STATUS, PCAP_BPF_CALC %}
 # BPF compilation and configuration
 {%     if PCAPBPF and not PCAP_BPF_STATUS %}
--- a/salt/suricata/map.jinja
+++ b/salt/suricata/map.jinja
@@ -11,9 +11,19 @@
 {# before we change outputs back to list, enable pcap-log if suricata is the pcapengine #}
 {% if GLOBALS.pcap_engine in ["SURICATA", "TRANSITION"] %}

-{%   from 'bpf/pcap.map.jinja' import PCAPBPF, PCAP_BPF_STATUS %}
-{%   if PCAPBPF and PCAP_BPF_STATUS %}
-{%     do SURICATAMERGED.config.outputs['pcap-log'].update({'bpf-filter': PCAPBPF|join(" ")}) %}
+{%   if GLOBALS.pcap_engine == "SURICATA" %}
+{%     from 'bpf/pcap.map.jinja' import PCAPBPF, PCAP_BPF_STATUS %}
+{%     if PCAPBPF and PCAP_BPF_STATUS %}
+{%       do SURICATAMERGED.config.outputs['pcap-log'].update({'bpf-filter': PCAPBPF|join(" ")}) %}
+{%     endif %}
+{%   elif GLOBALS.pcap_engine == "TRANSITION" %}
+{%     import_yaml 'bpf/defaults.yaml' as BPFDEFAULTS %}
+{%     set BPFMERGED = salt['pillar.get']('bpf', BPFDEFAULTS.bpf, merge=True) %}
+{%     import 'bpf/macros.jinja' as MACROS %}
+{{     MACROS.remove_comments(BPFMERGED, 'pcap') }}
+{%     if BPFMERGED.pcap %}
+{%       do SURICATAMERGED.config.outputs['pcap-log'].update({'bpf-filter': BPFMERGED.pcap|join(" ")}) %}
+{%     endif %}
 {%   endif %}

 {%   set PCAP = salt['pillar.get']('pcap', {'enabled': false}) %}
Author	SHA1	Message	Date
Josh Patterson	08873df6cf	Merge pull request #15723 from Security-Onion-Solutions/fix/suricata-bpf-transition Fix/suricata bpf transition	2026-04-06 09:38:53 -04:00
Josh Patterson	455eec2cc8	update HOTFIX	2026-04-06 09:30:53 -04:00
Mike Reeves	7ffad7594b	Merge pull request #15722 from Security-Onion-Solutions/merge-main-into-2.4.211 Merge 2.4/main into patch/2.4.211	2026-04-06 09:13:32 -04:00
Mike Reeves	b01dea67e3	Merge remote-tracking branch 'origin/2.4/main' into patch/2.4.211	2026-04-06 09:06:12 -04:00
Josh Patterson	cc3d53f06c	fix suricata bpf for transition mode	2026-04-03 10:30:22 -04:00
Mike Reeves	601f57fbdd	Merge pull request #15596 from Security-Onion-Solutions/2.4.211 2.4.211	2026-03-12 13:10:14 -04:00