diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst index bde02112b179..f22dbbec1481 100644 --- a/doc/userguide/configuration/suricata-yaml.rst +++ b/doc/userguide/configuration/suricata-yaml.rst @@ -1657,13 +1657,13 @@ as raw ``content`` inspection will still be disabled. There is no point in doing pattern matching on traffic known to be encrypted. Inspection for (encrypted) Heartbleed and other protocol anomalies still happens. -When ``encryption-handling`` is set to ``bypass``, all processing of this session is -stopped. No further parsing and inspection happens. If ``stream.bypass`` is enabled -this will lead to the flow being bypassed, either inside Suricata or by the -capture method if it supports it and is configured for it. +When ``encryption-handling`` is set to ``bypass``, all processing of this +session is stopped. No further parsing and inspection happens. This will also +lead to the flow being bypassed, either inside Suricata or by the capture method +if it supports it and is configured for it. -Finally, if ``encryption-handling`` is set to ``full``, Suricata will process the -flow as normal, without inspection limitations or bypass. +Finally, if ``encryption-handling`` is set to ``full``, Suricata will process +the flow as normal, without inspection limitations or bypass. The option has replaced the ``no-reassemble`` option. If ``no-reassemble`` is present, and ``encryption-handling`` is not, ``false`` is interpreted as @@ -1989,12 +1989,12 @@ are typically provided through the command line, are contained in the node parameters. There are two ways to specify arguments: lengthy and short. Dashes are omitted when describing the arguments. This setup node can be used to set up the memory configuration, accessible NICs, and other EAL-related -parameters, among other things. The node `dpdk.eal-params` also supports -multiple arguments of the same type. This can be useful for EAL arguments -such as `--vdev`, `--allow`, or `--block`. Values for these EAL arguments -are specified as a comma-separated list. -An example of such usage can be found in the example above where the `allow` -argument only makes `0000:3b:00.0` and `0000:3b:00.1` accessible to Suricata. +parameters, among other things. The node `dpdk.eal-params` also supports +multiple arguments of the same type. This can be useful for EAL arguments +such as `--vdev`, `--allow`, or `--block`. Values for these EAL arguments +are specified as a comma-separated list. +An example of such usage can be found in the example above where the `allow` +argument only makes `0000:3b:00.0` and `0000:3b:00.1` accessible to Suricata. arguments with list node. such as --vdev, --allow, --block eal options. The definition of lcore affinity as an EAL parameter is a standard practice. However, lcore parameters like `-l`, `-c`, diff --git a/doc/userguide/performance/ignoring-traffic.rst b/doc/userguide/performance/ignoring-traffic.rst index a2c7a8825528..712d1ff0b1e1 100644 --- a/doc/userguide/performance/ignoring-traffic.rst +++ b/doc/userguide/performance/ignoring-traffic.rst @@ -74,9 +74,10 @@ encrypted traffic ----------------- The TLS app layer parser has the ability to stop processing encrypted traffic -after the initial handshake. By setting the `app-layer.protocols.tls.encryption-handling` -option to `bypass` the rest of this flow is ignored. If flow bypass is enabled, -the bypass is done in the kernel or in hardware. +after the initial handshake. By setting the +`app-layer.protocols.tls.encryption-handling` option to `bypass` the rest of +this flow is ignored. The bypass is done in the kernel or in hardware, similar +to how flow bypass is done. .. _bypass: