From 763c7f67fa93f4a2f0284a6a65fb39a13d76844b Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 8 Apr 2024 14:57:49 +0000
Subject: [PATCH] suricata: Enable midstream scanning

We require this because Suricata might be restarted due to development
or rule refreshment purposes. We should then try to resume any
decoders/app-layers wherever possible.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/suricata/suricata.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 4c948bddd5..8eca7bf50a 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -1116,7 +1116,7 @@ stream:
   prealloc-sessions: 4096
   #memcap-policy: ignore
   checksum-validation: yes      # reject incorrect csums
-  #midstream: false
+  midstream: true
   midstream-policy: pass-packet
   inline: auto                  # auto will use inline mode in IPS mode, yes or no set it statically
   bypass: yes                   # Bypass packets when stream.reassembly.depth is reached.
-- 
2.39.5