From 18c6503a0821993450399ab61b1e7620cd22b002 Mon Sep 17 00:00:00 2001
From: Eric Leblond
Date: Tue, 30 Aug 2011 16:02:06 +0200
Subject: [PATCH] af-packet: change configuration format for multi interface
---
 suricata.yaml | 47 ++++++++++++++++++++++++++---------------------
 1 file changed, 26 insertions(+), 21 deletions(-)
diff --git a/suricata.yaml b/suricata.yaml
index 25185dea32..bd832750c5 100644
--- a/suricata.yaml
+++ b/suricata.yaml
@@ -157,27 +157,32 @@ nfq:
 # af-packet support
 # Set threads to > 1 to use PACKET_FANOUT support
 af-packet:
- # Number of receive threads (>1 will enable experimental flow pinned
- # runmode)
- threads: 1
- # default network interface
- interface: eth0
- # Default clusterid. AF_PACKET will load balance packets based on flow.
- # All threads/processes that will participate need to have the same
- # clusterid.
- cluster-id: 99
- # Default AF_PACKET cluster type. AF_PACKET can load balance per flow or per hash.
- # This is only supported for Linux kernel > 3.1
- # possible value are:
- # * cluster_round_robin: round robin load balancing
- # * cluster_flow: all packets of a given flow are send to the same socket
- # * cluster_cpu: all packets treated in kernel by a CPU are send to the same socket
- cluster-type: cluster_round_robin
- # In some fragmentation case, the hash can not be computed. If "defrag" is set
- # to yes, the kernel will do the needed defragmentation before sending the packets.
- defrag: yes
- # recv buffer size, increase value could improve performance
- # buffer-size: 32768
+ - interface: eth0
+ # Number of receive threads (>1 will enable experimental flow pinned
+ # runmode)
+ threads: 1
+ # Default clusterid. AF_PACKET will load balance packets based on flow.
+ # All threads/processes that will participate need to have the same
+ # clusterid.
+ cluster-id: 99
+ # Default AF_PACKET cluster type. AF_PACKET can load balance per flow or per hash.
+ # This is only supported for Linux kernel > 3.1
+ # possible value are:
+ # * cluster_round_robin: round robin load balancing
+ # * cluster_flow: all packets of a given flow are send to the same socket
+ # * cluster_cpu: all packets treated in kernel by a CPU are send to the same socket
+ cluster-type: cluster_round_robin
+ # In some fragmentation case, the hash can not be computed. If "defrag" is set
+ # to yes, the kernel will do the needed defragmentation before sending the packets.
+ defrag: yes
+ # recv buffer size, increase value could improve performance
+ # buffer-size: 32768
+ - interface: eth1
+ threads: 1
+ cluster-id: 98
+ cluster-type: cluster_round_robin
+ defrag: yes
+ # buffer-size: 32768
 defrag:
 max-frags: 65535
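Review bot: The comment kept above `cluster-id: 99` still says every participating thread/process needs the same clusterid, but the new per-interface list gives eth1 `cluster-id: 98` with no explanation, so someone copying the first entry for another NIC is likely to reuse 99. As far as I know the kernel does not let a socket join a fanout group that is bound to a different device, so a duplicated id would probably leave one interface without capture, which is a silent gap on a sensor. I would reword the comment to something like `# cluster-id must be unique per interface; only threads reading the same interface share it.` Separately, both entries ship `cluster-type: cluster_round_robin`; once `threads` is raised above 1 that spreads a flow's packets over several threads, so the comment could point readers to `cluster_flow` for that case.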