From b12967534a44c165cdef577de1dbc4fea93bce70 Mon Sep 17 00:00:00 2001
From: Eric Leblond <eric@regit.org>
Date: Tue, 30 Oct 2012 07:46:42 +0100
Subject: [PATCH] stream.inline: add 'auto' mode

stream.inline YAML configuration variable now support the 'auto' value.
In this case, inline mode is activated for IPS running mode (NFQ and
IPFW) and is deactivated for IDS mode. This patch should fix bug #592.
---
 src/stream-tcp.c | 14 +++++++++++++-
 suricata.yaml.in |  2 +-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index f25379d0da..32f61b14ff 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -396,8 +396,20 @@ void StreamTcpInitConfig(char quiet)
 
     int inl = 0;
 
-    if (ConfGetBool("stream.inline", &inl) == 1) {
+
+    char *temp_stream_inline_str;
+    if (ConfGet("stream.inline", &temp_stream_inline_str) == 1) {
+        /* checking for "auto" and falling back to boolean to provide
+         * backward compatibility */
+        if (strcmp(temp_stream_inline_str, "auto") == 0) {
+            if (IS_ENGINE_MODE_IPS(engine_mode)) {
+                stream_inline = 1;
+            } else {
+                stream_inline = 0;
+            }
+        } else if (ConfGetBool("stream.inline", &inl) == 1) {
             stream_inline = inl;
+        }
     }
 
     if (!quiet) {
diff --git a/suricata.yaml.in b/suricata.yaml.in
index d68075cd85..57e93e3323 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -570,7 +570,7 @@ flow-timeouts:
 stream:
   memcap: 32mb
   checksum-validation: yes      # reject wrong csums
-  inline: no                    # no inline mode
+  inline: auto                  # auto will use inline mode in IPS mode, yes or no set it statically
   reassembly:
     memcap: 64mb
     depth: 1mb                  # reassemble 1mb into a stream