From b3b983afe649188267af4f8c50862b0870c1077f Mon Sep 17 00:00:00 2001
From: Andrea De Pasquale
Date: Wed, 6 Jan 2021 11:14:24 +0100
Subject: [PATCH] Change method to get default Suricata interface

On some systems, interface number 2 is not always the correct one. With AWK we now collect the first active interface having both an address and a broadcast.
---
 docker/suricata/Dockerfile | 2 +-
 docker/suricata/Dockerfile.from.source | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker/suricata/Dockerfile b/docker/suricata/Dockerfile
index ae26908a..965600e0 100644
--- a/docker/suricata/Dockerfile
+++ b/docker/suricata/Dockerfile
@@ -34,4 +34,4 @@ RUN apk -U --no-cache add \
 #
 # Start suricata
 STOPSIGNAL SIGINT
-CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
+CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address show | /usr/bin/awk '/inet.*brd/{ print $NF; exit }')
diff --git a/docker/suricata/Dockerfile.from.source b/docker/suricata/Dockerfile.from.source
index 97edc894..215e49ed 100644
--- a/docker/suricata/Dockerfile.from.source
+++ b/docker/suricata/Dockerfile.from.source
@@ -135,4 +135,4 @@ RUN apk -U add \
 #
 # Start suricata
 STOPSIGNAL SIGINT
-CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
+CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address show | /usr/bin/awk '/inet.*brd/{ print $NF; exit }')
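Review bot: The new `$(/sbin/ip address show | /usr/bin/awk '/inet.*brd/{ print $NF; exit }')` in the `CMD` of `docker/suricata/Dockerfile` expands to nothing when no address line carries both `inet` and `brd` (no IPv4 address yet, a point-to-point or IPv6-only link). In that case `suricata` is started with a bare `-i` and most likely exits at start-up without saying that no capture interface was found, leaving the sensor down. Resolve the name into a variable first and refuse to start when it is empty, then pass it quoted: `IFACE=$(…) && [ -n "$IFACE" ] || { echo "no capture interface found" >&2; exit 1; }` followed by `exec suricata … -i "$IFACE"`. Taking the first match also assumes the first addressed interface is the one to monitor, which may not hold on hosts with bridges or several NICs, so a comment above the `CMD` stating that assumption would help. The identical line in the `docker/suricata/Dockerfile.from.source` hunk needs the same change.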