From 0b340f0938e5f292f74f5f2e60b3d46d473f2096 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 28 Feb 2019 14:28:22 +0000
Subject: [PATCH] suricata: Increase memory size for the stream engine

This change also ensures that suricata has a decent number
of streams preallocated to be able to handle any bursts in traffic.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 config/suricata/suricata.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 7eb8027b2a..0131059108 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -627,7 +627,8 @@ flow-timeouts:
 #                               # is used in a rule.
 #
 stream:
-  memcap: 64mb
+  memcap: 256mb
+  prealloc-sessions: 4k
   checksum-validation: yes      # reject wrong csums
   inline: auto                  # auto will use inline mode in IPS mode, yes or no set it statically
   reassembly:
@@ -636,10 +637,9 @@ stream:
     toserver-chunk-size: 2560
     toclient-chunk-size: 2560
     randomize-chunk-size: yes
-    #randomize-chunk-range: 10
-    #raw: yes
-    #segment-prealloc: 2048
-    #check-overlap-different-data: true
+    raw: yes
+    segment-prealloc: 2048
+    check-overlap-different-data: true
 
 # Host table:
 #
-- 
2.39.2