
Protocol Aware Flushing

Protocol aware flushing of HTTP, SMB and DCE/RPC can be enabled with this option:

config paf_max: <max-pdu>

where <max-pdu> is between zero (off) and 63780. This allows Snort to statefully scan a stream and reassemble a complete PDU regardless of segmentation. For example, multiple PDUs within a single TCP segment, as well as one PDU spanning multiple TCP segments, will be reassembled so that each PDU is delivered in its own packet. PDUs larger than the configured maximum will be split into multiple packets.
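The flushing behaviour described above, modelled as an added example (not Snort's code and not part of the original manual). It assumes a constructed toy protocol with a 2-byte big-endian length header in place of HTTP, SMB or DCE/RPC, and assumes oversized PDUs are cut into pieces of at most paf_max bytes; the names frame and paf_flush are hypothetical.

```python
import struct

PAF_MAX_LIMIT = 63780  # upper bound for paf_max stated in the manual


def frame(body: bytes) -> bytes:
    """Build one PDU of the constructed toy protocol: 2-byte length + body."""
    return struct.pack(">H", len(body)) + body


def paf_flush(segments, paf_max):
    """Return the packets a PDU-aware flusher would hand to detection."""
    if not 1 <= paf_max <= PAF_MAX_LIMIT:
        raise ValueError("paf_max must be 1..63780 (0 turns PAF off)")
    stream = bytearray()  # reassembled bytes that have not been flushed yet
    packets = []
    for seg in segments:
        stream += seg
        while len(stream) >= 2:
            pdu_len = 2 + struct.unpack(">H", stream[:2])[0]
            if len(stream) < pdu_len:
                break  # PDU continues in a later segment, so keep the state
            pdu = bytes(stream[:pdu_len])
            del stream[:pdu_len]
            # Model assumption: a PDU above paf_max is split into paf_max pieces
            packets += [pdu[i:i + paf_max] for i in range(0, len(pdu), paf_max)]
    return packets


# Constructed sample stream: three PDUs cut into TCP segments that ignore
# PDU boundaries (segment 1 holds PDU a plus the start of b, and so on).
a, b, c = frame(b"A" * 4), frame(b"B" * 10), frame(b"C" * 3)
wire = a + b + c
segments = [wire[:8], wire[8:15], wire[15:]]

if __name__ == "__main__":
    for pkt in paf_flush(segments, paf_max=1000):
        print(len(pkt), pkt)
```

A rule written against the start of a PDU sees each of the three PDUs at offset zero of its own packet, whatever the sender's segmentation was.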



Eugene Misnik 2013-05-08