async_oneside: false # do not enable async stream handling
inline: no # stream inline mode
drop-invalid: yes # drop invalid packets
+ bypass: no
-The 'drop-invalid' option can be set to no to avoid blocking packets that are
+The ``drop-invalid`` option can be set to no to avoid blocking packets that are
seen invalid by the streaming engine. This can be useful to cover some weird cases
seen in some layer 2 IPS setup.
+The ``bypass`` option activates 'bypass' for a flow/session when either side
+of the session reaches its ``depth``.
+
+.. warning:: ``bypass`` can lead to missing important traffic. Use with care.
+
**Example 11 Normal/IDS mode**
Suricata inspects traffic in chunks.
# inline: no # stream inline mode
# drop-invalid: yes # in inline mode, drop packets that are invalid with regards to streaming engine
# max-synack-queued: 5 # Max different SYN/ACKs to queue
-# bypass: no # Bypass packets when stream.depth is reached
+# bypass: no # Bypass packets when stream.depth is reached.
+# # Warning: first side to reach this triggers
+# # the bypass.
#
# reassembly:
# memcap: 64mb # Can be specified in kb, mb, gb. Just a number
projects / thirdparty / suricata.git / commitdiff
