From a3f07ec02e732ec3533c8760cd8b8caa043ff0bc Mon Sep 17 00:00:00 2001
From: Eric Leblond <eric@regit.org>
Date: Mon, 5 Jun 2017 16:41:47 +0200
Subject: [PATCH] doc: document drop-invalid option.

---
 doc/userguide/configuration/suricata-yaml.rst | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst
index 15bc00287b..4aea0d27f7 100644
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -1287,6 +1287,11 @@ anomalies in streams. See :ref:`host-os-policy`.
     midstream: false             # do not allow midstream session pickups
     async_oneside: false         # do not enable async stream handling
     inline: no                   # stream inline mode
+    drop-invalid: yes            # drop invalid packets
+
+The 'drop-invalid' option can be set to no to avoid blocking packets that are
+seen invalid by the streaming engine. This can be useful to cover some weird cases
+seen in some layer 2 IPS setup.
 
 **Example 11   Normal/IDS mode**
 
-- 
2.47.2