diff mbox series

[14/20] suricata: Use 64MB of RAM for defragmentation

Message ID	20190228142825.5153-15-michael.tremer@ipfire.org
State	Accepted
Commit	7eed864c93d143ef943b9f3f8bdf7b40a440cb71
Headers	From: Michael Tremer <michael.tremer@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH 14/20] suricata: Use 64MB of RAM for defragmentation Date: Thu, 28 Feb 2019 14:28:19 +0000 Message-Id: <20190228142825.5153-15-michael.tremer@ipfire.org> In-Reply-To: <20190228142825.5153-1-michael.tremer@ipfire.org> References: <20190228142825.5153-1-michael.tremer@ipfire.org> Cc: Michael Tremer <michael.tremer@ipfire.org> Precedence: list Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>
Series	Suricata Configuration Updates \| [00/20] Suricata Configuration Updates [01/20] Revert "Suricata: detect DNS events on port 853, too" [02/20] suricata: Set max-pending-packets to 1024 [03/20] suricata: Set default packet size to 1514 [04/20] suricata: Set detection profile to high [05/20] suricata: Drop profiling section from configuration [06/20] suricata: Drop some commented stuff from configuration [07/20] suricata: Drop sections that require Rust [08/20] suricata: Configure HTTP decoder [09/20] suricata: Allow 32MB of RAM for DNS decoding [10/20] suricata: Drop parsers I have never heard of [11/20] suricata: We do not use any IP reputation lists [12/20] suricata: Log to syslog [13/20] suricata: Use the correct path for the magic database [14/20] suricata: Use 64MB of RAM for defragmentation [15/20] suricata: Use up to 256MB of RAM for the flow cache [16/20] suricata: Log to syslog like a normal process [17/20] suricata: Increase memory size for the stream engine [18/20] suricata: Disable decoding for Teredo [19/20] suricata: Start capture first and then load rules [20/20] suricata: Fix syntax error

Commit Message

Michael Tremer March 1, 2019, 1:28 a.m. UTC

  Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/suricata/suricata.yaml | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)

diff mbox series

Patch

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 6015c9e6d..397ddcb25 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -384,27 +384,13 @@  host-os-policy:
 # Defrag settings:
 
 defrag:
-  memcap: 32mb
+  memcap: 64mb
   hash-size: 65536
   trackers: 65535 # number of defragmented flows to follow
   max-frags: 65535 # number of fragments to keep (higher than trackers)
   prealloc: yes
   timeout: 60
 
-# Enable defrag per host settings
-#  host-config:
-#
-#    - dmz:
-#        timeout: 30
-#        address: [192.168.1.0/24, 127.0.0.0/8, 1.1.1.0/24, 2.2.2.0/24, "1.1.1.1", "2.2.2.2", "::1"]
-#
-#    - lan:
-#        timeout: 45
-#        address:
-#          - 192.168.0.0/24
-#          - 192.168.10.0/24
-#          - 172.16.14.0/24
-
 # Flow settings:
 # By default, the reserved memory (memcap) for flows is 32MB. This is the limit
 # for flow allocation inside the engine. You can change this value to allow