This change also ensures that suricata has a decent number of streams preallocated to be able to handle any bursts in traffic.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/suricata/suricata.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index 9537e9e12..40777f3ad 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -537,7 +537,8 @@ flow-timeouts: # # is used in a rule. # stream: - memcap: 64mb + memcap: 256mb + prealloc-sessions: 4k checksum-validation: yes # reject wrong csums inline: auto # auto will use inline mode in IPS mode, yes or no set it statically reassembly: @@ -546,10 +547,9 @@ stream: toserver-chunk-size: 2560 toclient-chunk-size: 2560 randomize-chunk-size: yes - #randomize-chunk-range: 10 - #raw: yes - #segment-prealloc: 2048 - #check-overlap-different-data: true + raw: yes + segment-prealloc: 2048 + check-overlap-different-data: true
# Host table: #