]> git.ipfire.org Git - thirdparty/suricata.git/commit
projects / thirdparty / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 47b5fc0) | patch
stream: add option to disable raw reassembly
authorVictor Julien <victor@inliniac.net>
Thu, 28 Nov 2013 18:02:14 +0000 (19:02 +0100)
committerVictor Julien <victor@inliniac.net>
Mon, 9 Dec 2013 14:09:07 +0000 (15:09 +0100)
commit8522da8ea505aca02b722a9cb3c22a3a00a25812
treede9377182f7fb557639670c6703593cc787825b3tree
parent47b5fc0934e938eb9e1badaf3aebd4450dbcf559commit | diff
stream: add option to disable raw reassembly

Raw reassembly is used only by the detection engine. For users only
caring about logging it's a significant overhead, both in cpu and
memory usage.

The option is called 'raw' and lives under the stream.reassembly
options.

stream:
  memcap: 32mb
  checksum-validation: yes      # reject wrong csums
  inline: auto                  # auto will use inline mode in IPS mode, yes or no set it statically
  reassembly:
    memcap: 64mb
    depth: 1mb                  # reassemble 1mb into a stream
    toserver-chunk-size: 2560
    toclient-chunk-size: 2560
    randomize-chunk-size: yes
    #randomize-chunk-range: 10
    raw: false # <- new option
src/stream-tcp-private.h diff | blob | blame | history
src/stream-tcp-reassemble.c diff | blob | blame | history
src/stream-tcp.c diff | blob | blame | history
src/stream-tcp.h diff | blob | blame | history
Mirror of https://github.com/OISF/suricata.git