suricata: Enable midstream scanning

We require this because Suricata might be restarted due to development or rule refreshment purposes. We should then try to resume any decoders/app-layers wherever possible. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-27 19:23:24 +02:00 · 2024-04-08 14:57:49 +00:00
parent 76a4518091
commit 763c7f67fa
1 changed files with 1 additions and 1 deletions
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -1116,7 +1116,7 @@ stream:
  prealloc-sessions: 4096
  #memcap-policy: ignore
  checksum-validation: yes      # reject incorrect csums
-  #midstream: false
+  midstream: true
  midstream-policy: pass-packet
  inline: auto                  # auto will use inline mode in IPS mode, yes or no set it statically
  bypass: yes                   # Bypass packets when stream.reassembly.depth is reached.