From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 8 Apr 2024 14:57:49 +0000 (+0000)
Subject: suricata: Enable midstream scanning
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=763c7f67fa93f4a2f0284a6a65fb39a13d76844b;p=people%2Fstevee%2Fipfire-2.x.git

suricata: Enable midstream scanning

We require this because Suricata might be restarted due to development
or rule refreshment purposes. We should then try to resume any
decoders/app-layers wherever possible.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 4c948bddd..8eca7bf50 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -1116,7 +1116,7 @@ stream:
   prealloc-sessions: 4096
   #memcap-policy: ignore
   checksum-validation: yes      # reject incorrect csums
-  #midstream: false
+  midstream: true
   midstream-policy: pass-packet
   inline: auto                  # auto will use inline mode in IPS mode, yes or no set it statically
   bypass: yes                   # Bypass packets when stream.reassembly.depth is reached.