[Oisf-users] Suricata at 10G, packet reassembly

Collyer, Jeffrey W. (jwc3f) jwc3f at virginia.edu
Thu Feb 2 14:33:27 UTC 2017

Here is the stream section.  Everything that wasn’t commented out.  I think its just the defaults, so that may need some tuning.

  memcap: 64mb
  checksum-validation: yes      # reject wrong csums
  inline: auto                  # auto will use inline mode in IPS mode, yes or no set it statically
    memcap: 256mb
    depth: 1mb                  # reassemble 1mb into a stream
    toserver-chunk-size: 2560
    toclient-chunk-size: 2560
    randomize-chunk-size: yes

Jeffrey Collyer
Information Security Engineer
University of Virginia

On Feb 1, 2017, at 4:14 PM, Peter Manev <petermanev at gmail.com<mailto:petermanev at gmail.com>> wrote:

On Wed, Feb 1, 2017 at 3:04 PM, Collyer, Jeffrey W. (jwc3f)
<jwc3f at virginia.edu<mailto:jwc3f at virginia.edu>> wrote:

Yes it does not look right....

Can you please share your stream and reassembly section from your
suricata.yaml as well ?
( https://redmine.openinfosecfoundation.org/projects/suricata/repository/revisions/master/entry/suricata.yaml.in#L1197

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170202/785fff46/attachment-0002.html>

More information about the Oisf-users mailing list