## Step 4: App Layer Protocol configuration
##
-# Configure the app-layer parsers. The protocol's section details each
-# protocol.
+# Configure the app-layer parsers.
+#
+# The error-policy setting applies to all app-layer parsers. Values can be
+# "drop-flow", "pass-flow", "bypass", "drop-packet", "pass-packet" or "ignore"
+# (the default).
+#
+# The protocol's section details each protocol.
#
# The option "enabled" takes 3 values - "yes", "no", "detection-only".
# "yes" enables both detection and the parser, "no" disables both, and
# "detection-only" enables protocol detection only (parser disabled).
app-layer:
+ # error-policy: ignore
protocols:
rfb:
enabled: yes
# Defrag settings:
+# The memcap-policy value can be "drop-flow", "pass-flow", "bypass",
+# "drop-packet", "pass-packet" or "ignore" (which is the default).
defrag:
memcap: 32mb
+ # memcap-policy: ignore
hash-size: 65536
trackers: 65535 # number of defragmented flows to follow
max-frags: 65535 # number of fragments to keep (higher than trackers)
# last time seen flows.
# The memcap can be specified in kb, mb, gb. Just a number indicates it's
# in bytes.
+# The memcap-policy can be "drop-flow", "pass-flow", "bypass", "drop-packet",
+# "pass-packet" or "ignore" (which is the default).
flow:
memcap: 128mb
+ #memcap-policy: ignore
hash-size: 65536
prealloc: 10000
emergency-recovery: 30
# stream:
# memcap: 64mb # Can be specified in kb, mb, gb. Just a
# # number indicates it's in bytes.
+# memcap-policy: ignore # Can be "drop-flow", "pass-flow", "bypass",
+# # "drop-packet", "pass-packet" or "ignore"
+# # default is "ignore"
# checksum-validation: yes # To validate the checksum of received
# # packet. If csum validation is specified as
# # "yes", then packets with invalid csum values will not
# # option
# prealloc-sessions: 2k # 2k sessions prealloc'd per stream thread
# midstream: false # don't allow midstream session pickups
+# midstream-policy: ignore # Can be "drop-flow", "pass-flow", "bypass",
+# # "drop-packet", "pass-packet" or "ignore"
+# # default is "ignore"
# async-oneside: false # don't enable async stream handling
# inline: no # stream inline mode
# drop-invalid: yes # in inline mode, drop packets that are invalid with regards to streaming engine
# reassembly:
# memcap: 256mb # Can be specified in kb, mb, gb. Just a number
# # indicates it's in bytes.
+# memcap-policy: ignore # Can be "drop-flow", "pass-flow", "bypass",
+# # "drop-packet", "pass-packet" or "ignore"
+# # default is "ignore"
# depth: 1mb # Can be specified in kb, mb, gb. Just a number
# # indicates it's in bytes.
# toserver-chunk-size: 2560 # inspect raw stream in chunks of at least
#
stream:
memcap: 64mb
+ #memcap-policy: ignore
checksum-validation: yes # reject incorrect csums
+ #midstream: false
+ #midstream-policy: ignore
inline: auto # auto will use inline mode in IPS mode, yes or no set it statically
reassembly:
memcap: 256mb
+ #memcap-policy: ignore
depth: 1mb # reassemble 1mb into a stream
toserver-chunk-size: 2560
toclient-chunk-size: 2560
projects / thirdparty / suricata.git / commitdiff
