allow suricata config to tune max-pending-packets with SURICATA_MAX_P…

…ENDING_PACKETS variable
mmguero-dev · Nov 30, 2023 · 33c655c · 33c655c
1 parent e46b8d6
commit 33c655c
Showing 1 changed file with 19 additions and 17 deletions.
diff --git a/shared/bin/suricata_config_populate.py b/shared/bin/suricata_config_populate.py
@@ -135,6 +135,7 @@ def __call__(self, repr, data):
         'KRB5_ENABLED': True,
         'KRB5_EVE_ENABLED': False,
         'MANAGED_RULES_DIR': '/var/lib/suricata/rules',
+        'MAX_PENDING_PACKETS': 1024,
         'MODBUS_ENABLED': True,
         'MODBUS_EVE_ENABLED': False,
         'MODBUS_PORTS': 502,
@@ -1021,35 +1022,36 @@ def main():
         ['app-layer', 'protocols', 'ssh', 'hassh', 'SSH_HASSH'],
         ['app-layer', 'protocols', 'tls', 'ja3-fingerprints', 'TLS_JA3'],
         ['app-layer', 'protocols', 'tls', 'encryption-handling', 'TLS_ENCRYPTION_HANDLING'],
-        ['runmode', 'RUNMODE'],
+        ['asn1-max-frames', 'ASN1_MAX_FRAMES'],
         ['autofp-scheduler', 'AUTOFP_SCHEDULER'],
         ['default-packet-size', 'PACKET_SIZE'],
-        ['asn1-max-frames', 'ASN1_MAX_FRAMES'],
-        ['pcre', 'match-limit', 'PCRE_MATCH_LIMIT'],
-        ['pcre', 'match-limit-recursion', 'PCRE_RECURSION'],
-        ['defrag', 'memcap', 'DEFRAG_MEMCAP'],
+        ['default-rule-path', 'MANAGED_RULES_DIR'],
         ['defrag', 'hash-size', 'DEFRAG_HASH_SIZE'],
-        ['defrag', 'trackers', 'DEFRAG_TRACKERS'],
         ['defrag', 'max-frags', 'DEFRAG_MAX_FRAGS'],
+        ['defrag', 'memcap', 'DEFRAG_MEMCAP'],
         ['defrag', 'prealloc', 'DEFRAG_PREALLOC'],
         ['defrag', 'timeout', 'DEFRAG_TIMEOUT'],
-        ['flow', 'memcap', 'FLOW_MEMCAP'],
+        ['defrag', 'trackers', 'DEFRAG_TRACKERS'],
+        ['flow', 'emergency-recovery', 'FLOW_EMERGENCY_RECOVERY'],
         ['flow', 'hash-size', 'FLOW_HASH_SIZE'],
+        ['flow', 'memcap', 'FLOW_MEMCAP'],
         ['flow', 'prealloc', 'FLOW_PREALLOC'],
-        ['flow', 'emergency-recovery', 'FLOW_EMERGENCY_RECOVERY'],
-        ['vlan', 'use-for-tracking', 'VLAN_USE_FOR_TRACKING'],
-        ['stream', 'memcap', 'STREAM_MEMCAP'],
+        ['host', 'hash-size', 'HOST_HASH_SIZE'],
+        ['host', 'memcap', 'HOST_MEMCAP'],
+        ['host', 'prealloc', 'HOST_PREALLOC'],
+        ['max-pending-packets', 'MAX_PENDING_PACKETS'],
+        ['pcre', 'match-limit', 'PCRE_MATCH_LIMIT'],
+        ['pcre', 'match-limit-recursion', 'PCRE_RECURSION'],
+        ['runmode', 'RUNMODE'],
         ['stream', 'checksum-validation', 'STREAM_CHECKSUM_VALIDATION'],
         ['stream', 'inline', 'STREAM_INLINE'],
-        ['stream', 'reassembly', 'memcap', 'STREAM_REASSEMBLY_MEMCAP'],
+        ['stream', 'memcap', 'STREAM_MEMCAP'],
         ['stream', 'reassembly', 'depth', 'STREAM_REASSEMBLY_DEPTH'],
-        ['stream', 'reassembly', 'toserver-chunk-size', 'STREAM_REASSEMBLY_TOSERVER_CHUNK_SIZE'],
-        ['stream', 'reassembly', 'toclient-chunk-size', 'STREAM_REASSEMBLY_TOCLIENT_CHUNK_SIZE'],
+        ['stream', 'reassembly', 'memcap', 'STREAM_REASSEMBLY_MEMCAP'],
         ['stream', 'reassembly', 'randomize-chunk-size', 'STREAM_REASSEMBLY_RANDOMIZE_CHUNK_SIZE'],
-        ['host', 'memcap', 'HOST_MEMCAP'],
-        ['host', 'hash-size', 'HOST_HASH_SIZE'],
-        ['host', 'prealloc', 'HOST_PREALLOC'],
-        ['default-rule-path', 'MANAGED_RULES_DIR'],
+        ['stream', 'reassembly', 'toclient-chunk-size', 'STREAM_REASSEMBLY_TOCLIENT_CHUNK_SIZE'],
+        ['stream', 'reassembly', 'toserver-chunk-size', 'STREAM_REASSEMBLY_TOSERVER_CHUNK_SIZE'],
+        ['vlan', 'use-for-tracking', 'VLAN_USE_FOR_TRACKING'],
     ):
         deep_set(
             cfg,