diff --git a/suricata.yaml b/suricata.yaml index c504b8924c..dbaa9baddb 100644 --- a/suricata.yaml +++ b/suricata.yaml @@ -329,25 +329,28 @@ flow-timeouts: # stream: # memcap: 33554432 # 32mb tcp session memcap # checksum_validation: yes # To validate the checksum of received - # packet. If csum validation is specified as - # "yes", then packet with invalid csum will not - # be processed by the engine stream/app layer. - # Warning: locally generated trafic can be - # generated without checksum due to hardware offload - # of checksum +# # packet. If csum validation is specified as +# # "yes", then packet with invalid csum will not +# # be processed by the engine stream/app layer. +# # Warning: locally generated trafic can be +# # generated without checksum due to hardware offload +# # of checksum # max_sessions: 262144 # 256k concurrent sessions # prealloc_sessions: 32768 # 32k sessions prealloc'd # midstream: false # don't allow midstream session pickups # async_oneside: false # don't enable async stream handling +# inline: no # stream inline mode +# # reassembly: # memcap: 67108864 # 64mb tcp reassembly memcap # depth: 1048576 # 1 MB reassembly depth stream: - memcap: 33554432 - checksum_validation: yes + memcap: 33554432 # 32mb + checksum_validation: yes # reject wrong csums + inline: no # no inline mode reassembly: - memcap: 67108864 - depth: 1048576 + memcap: 67108864 # 64mb for reassembly + depth: 1048576 # reassemble 1mb into a stream # Logging configuration. This is not about logging IDS alerts, but # IDS output about what its doing, errors, etc.