doc/stream: briefly explain bypass

doc/userguide/configuration/suricata-yaml.rst

@@ -1194,11 +1194,17 @@ anomalies in streams. See :ref:`host-os-policy`.
     async_oneside: false         # do not enable async stream handling
     inline: no                   # stream inline mode
     drop-invalid: yes            # drop invalid packets
+    bypass: no
 
-The 'drop-invalid' option can be set to no to avoid blocking packets that are
+The ``drop-invalid`` option can be set to no to avoid blocking packets that are
 seen invalid by the streaming engine. This can be useful to cover some weird cases
 seen in some layer 2 IPS setup.
 
+The ``bypass`` option activates 'bypass' for a flow/session when either side
+of the session reaches its ``depth``.
+
+.. warning:: ``bypass`` can lead to missing important traffic. Use with care.
+
 **Example 11   Normal/IDS mode**
 
 Suricata inspects traffic in chunks.

suricata.yaml.in

@@ -1303,7 +1303,9 @@ flow-timeouts:
 #   inline: no                  # stream inline mode
 #   drop-invalid: yes           # in inline mode, drop packets that are invalid with regards to streaming engine
 #   max-synack-queued: 5        # Max different SYN/ACKs to queue
-#   bypass: no                  # Bypass packets when stream.depth is reached
+#   bypass: no                  # Bypass packets when stream.depth is reached.
+#                               # Warning: first side to reach this triggers
+#                               # the bypass.
 #
 #   reassembly:
 #     memcap: 64mb              # Can be specified in kb, mb, gb.  Just a number