idaholab#476, fix discrepancy between environment variables used to p…

…opulate Arkime's config.ini between Malcolm and Hedgehog

hedgehog-iso/interface/sensor_ctl/arkime/config.ini

@@ -60,7 +60,7 @@ pcapWriteSize=2560000
 simpleCompression=zstd
 simpleZstdLevel=3
 simpleGzipLevel=3
-packetThreads=5
+packetThreads=1
 maxPacketsInQueue=300000
 dbBulkSize=4000000
 rulesFiles=/dummy/rules.yml

hedgehog-iso/interface/sensor_ctl/control_vars.conf

@@ -10,12 +10,20 @@ export PCAP_SNAPLEN=0
 export PCAP_MAX_DISK_FILL=90
 export PCAP_PRUNE_CHECK_SECONDS=60
 
-export ARKIME_VIEWER_PORT=8005
-export ARKIME_PACKET_THREADS=5
 export ARKIME_ECS_PROVIDER=arkime
 export ARKIME_ECS_DATASET=session
+export ARKIME_VIEWER_PORT=8005
 export ARKIME_COMPRESSION_TYPE=zstd
 export ARKIME_COMPRESSION_LEVEL=3
+export ARKIME_PACKET_THREADS=1
+export ARKIME_DB_BULK_SIZE=4000000
+export ARKIME_MAGIC_MODE=basic
+export ARKIME_MAX_PACKETS_IN_QUEUE=300000
+export ARKIME_PCAP_WRITE_METHOD=simple
+export ARKIME_PCAP_WRITE_SIZE=2560000
+export ARKIME_PCAP_READ_METHOD=tpacketv3
+export ARKIME_TPACKETV3_NUM_THREADS=2
+export ARKIME_TPACKETV3_BLOCK_SIZE=8388608
 # ARKIME_VIEWER_(CERT|KEY) are under "$SUPERVISOR_PATH"/arkime/
 export ARKIME_VIEWER_CERT=viewer.crt
 export ARKIME_VIEWER_KEY=viewer.key

hedgehog-iso/interface/sensor_ctl/supervisor.d/arkime.conf

@@ -21,7 +21,6 @@ command=/opt/arkime/bin/capture %(ENV_ARKIME_HTTPS_FLAG)s
   -c "%(ENV_SUPERVISOR_PATH)s"/arkime/config.ini
   -o pcapDir="%(ENV_PCAP_PATH)s"
   -o bpf="%(ENV_CAPTURE_FILTER)s"
-  -o packetThreads=%(ENV_ARKIME_PACKET_THREADS)s
   -o dropUser=sensor
   -o dropGroup=netdev
   -o geoLite2Country="%(ENV_SUPERVISOR_PATH)s"/arkime/GeoLite2-Country.mmdb

hedgehog-iso/interface/sensor_ctl/supervisor.init/arkime_config_populate.sh

@@ -78,6 +78,27 @@ if [[ -n $SUPERVISOR_PATH ]] && [[ -r "$SUPERVISOR_PATH"/arkime/config.ini ]]; t
     sed -r -i "s/(simpleGzipLevel)\s*=\s*.*/\1=$COMPRESSION_LEVEL/" "$ARKIME_CONFIG_FILE"
   fi
 
+  # capture performance-related settings
+  DB_BULK_SIZE="${ARKIME_DB_BULK_SIZE:-4000000}"
+  MAGIC_MODE="${ARKIME_MAGIC_MODE:-basic}"
+  MAX_PACKETS_IN_QUEUE="${ARKIME_MAX_PACKETS_IN_QUEUE:-300000}"
+  PACKET_THREADS="${ARKIME_PACKET_THREADS:-1}"
+  PCAP_READ_METHOD="${ARKIME_PCAP_READ_METHOD:-tpacketv3}"
+  PCAP_WRITE_METHOD="${ARKIME_PCAP_WRITE_METHOD:-simple}"
+  PCAP_WRITE_SIZE="${ARKIME_PCAP_WRITE_SIZE:-2560000}"
+  TPACKETV3_BLOCK_SIZE="${ARKIME_TPACKETV3_BLOCK_SIZE:-8388608}"
+  TPACKETV3_NUM_THREADS="${ARKIME_TPACKETV3_NUM_THREADS:-2}"
+
+  sed -r -i "s/(dbBulkSize)\s*=\s*.*/\1=$DB_BULK_SIZE/" "$ARKIME_CONFIG_FILE"
+  sed -r -i "s/(magicMode)\s*=\s*.*/\1=$MAGIC_MODE/" "$ARKIME_CONFIG_FILE"
+  sed -r -i "s/(maxPacketsInQueue)\s*=\s*.*/\1=$MAX_PACKETS_IN_QUEUE/" "$ARKIME_CONFIG_FILE"
+  sed -r -i "s/(packetThreads)\s*=\s*.*/\1=$PACKET_THREADS/" "$ARKIME_CONFIG_FILE"
+  sed -r -i "s/(pcapReadMethod)\s*=\s*.*/\1=$PCAP_READ_METHOD/" "$ARKIME_CONFIG_FILE"
+  sed -r -i "s/(pcapWriteMethod)\s*=\s*.*/\1=$PCAP_WRITE_METHOD/" "$ARKIME_CONFIG_FILE"
+  sed -r -i "s/(pcapWriteSize)\s*=\s*.*/\1=$PCAP_WRITE_SIZE/" "$ARKIME_CONFIG_FILE"
+  sed -r -i "s/(tpacketv3BlockSize)\s*=\s*.*/\1=$TPACKETV3_BLOCK_SIZE/" "$ARKIME_CONFIG_FILE"
+  sed -r -i "s/(tpacketv3NumThreads)\s*=\s*.*/\1=$TPACKETV3_NUM_THREADS/" "$ARKIME_CONFIG_FILE"
+
   # how often OpenSearch/Elasticsearch should create a new index
   if [[ -n $ARKIME_ROTATE_INDEX ]]; then
     sed -r -i "s/(rotateIndex)\s*=\s*.*/\1=$ARKIME_ROTATE_INDEX/" "$ARKIME_CONFIG_FILE"