suricata: Enable midstream scanning

We require this because Suricata might be restarted due to development
or rule refreshment purposes. We should then try to resume any
decoders/app-layers wherever possible.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 4c948bddd58cd331cd5c38b7f58da28666079f6f..8eca7bf50a480bbd16dc686c99081a23b6f9b8c7 100644 (file)
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -1116,7 +1116,7 @@ stream:
   prealloc-sessions: 4096
   #memcap-policy: ignore
   checksum-validation: yes      # reject incorrect csums
-  #midstream: false
+  midstream: true
   midstream-policy: pass-packet
   inline: auto                  # auto will use inline mode in IPS mode, yes or no set it statically
   bypass: yes                   # Bypass packets when stream.reassembly.depth is reached.