diff --git a/CHANGES b/CHANGES
index deefa58b54..d0ee3ef94e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
+2.6-210 | 2019-04-10 09:54:27 -0700
+
+ * Add options to tune BinPAC flowbuffer policy (Jon Siwek, Corelight)
+
 2.6-208 | 2019-04-10 11:36:17 +0000
 * Improve PE file analysis (Jon Siwek, Corelight)
diff --git a/VERSION b/VERSION
index 2395714eb0..6a2bab19b3 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.6-208
+2.6-210
diff --git a/aux/binpac b/aux/binpac
index bb2476465e..2c8d31a439 160000
--- a/aux/binpac
+++ b/aux/binpac
@@ -1 +1 @@
-Subproject commit bb2476465e304a00c368bd73d40cc6f734be5311
+Subproject commit 2c8d31a439a3712af3a7a0342a955a78784521a5
diff --git a/doc b/doc
index 6b81dd79eb..97af751958 160000
--- a/doc
+++ b/doc
@@ -1 +1 @@
-Subproject commit 6b81dd79ebef6372da961177852e4ea5c65dd5fa
+Subproject commit 97af751958172622862bf0da694d6386967d5d24
diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index e94efd07df..3b6962f509 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -5051,6 +5051,26 @@ export {
 option sampling_duration = 10min;
 }
+module BinPAC;
+export {
+ ## Maximum capacity, in bytes, that the BinPAC flowbuffer is allowed to
+ ## grow to for use with incremental parsing of a given connection/analyzer.
+ const flowbuffer_capacity_max = 10 * 1024 * 1024 &redef;
+
+ ## The initial capacity, in bytes, that will be allocated to the BinPAC
+ ## flowbuffer of a given connection/analyzer. If the buffer buffer is
+ ## later contracted, its capacity is also reduced to this size.
+ const flowbuffer_capacity_min = 512 &redef;
+
+ ## The threshold, in bytes, at which the BinPAC flowbuffer of a given
+ ## connection/analyzer will have its capacity contracted to
+ ## :bro:see:`BinPAC::flowbuffer_capacity_min` after parsing a full unit.
+ ## I.e. this is the maximum capacity to reserve in between the parsing of
+ ## units. If, after parsing a unit, the flowbuffer capacity is greater
+ ## than this value, it will be contracted.
+ const flowbuffer_contract_threshold = 2 * 1024 * 1024 &redef;
+}
+
 module GLOBAL;
 ## Seed for hashes computed internally for probabilistic data structures. Using
diff --git a/src/main.cc b/src/main.cc
index 473f3a72e7..1116b8c331 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -891,10 +891,6 @@ int main(int argc, char** argv)
 if ( events_file )
 event_player = new EventPlayer(events_file);
- // Must come after plugin activation (and also after hash
- // initialization).
- binpac::init();
-
 init_event_handlers();
 md5_type = new OpaqueType("md5");
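Review bot: In the `scripts/base/init-bare.bro` hunk, the doc comment on `flowbuffer_capacity_min` has a doubled word (`If the buffer buffer is`), and none of the three comments says how the options must relate to each other or what happens when a connection needs more than `flowbuffer_capacity_max`. These `&redef` constants bound how much unparsed input is held per connection/analyzer, so operators tuning them need that stated. The behaviour at the limit is not visible in this diff and should be confirmed against the BinPAC submodule change before it is documented. I would correct the typo to `If the buffer is` and, presuming the minimum is meant to stay at or below the maximum, add a line such as `## Should not be set below BinPAC::flowbuffer_capacity_min.` to the comment on `flowbuffer_capacity_max`.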
@@ -945,6 +941,17 @@ int main(int argc, char** argv)
 init_net_var();
 init_builtin_funcs_subdirs();
+ // Must come after plugin activation (and also after hash
+ // initialization).
+ binpac::FlowBuffer::Policy flowbuffer_policy;
+ flowbuffer_policy.max_capacity = global_scope()->Lookup(
+ "BinPAC::flowbuffer_capacity_max")->ID_Val()->AsCount();
+ flowbuffer_policy.min_capacity = global_scope()->Lookup(
+ "BinPAC::flowbuffer_capacity_min")->ID_Val()->AsCount();
+ flowbuffer_policy.contract_threshold = global_scope()->Lookup(
+ "BinPAC::flowbuffer_contract_threshold")->ID_Val()->AsCount();
+ binpac::init(&flowbuffer_policy);
+
 plugin_mgr->InitBifs();
 if ( reporter->Errors() > 0 )
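Review bot: The three `&redef` values are handed to `binpac::init()` unchecked, so a site redef that puts `flowbuffer_capacity_min` above `flowbuffer_capacity_max` reaches the flowbuffer code as-is, and this policy is what limits buffer growth driven by network input. A startup check just before the `binpac::init(&flowbuffer_policy);` line would catch that, e.g. `if ( flowbuffer_policy.min_capacity > flowbuffer_policy.max_capacity ) reporter->FatalError("BinPAC::flowbuffer_capacity_min exceeds BinPAC::flowbuffer_capacity_max");`. Each `global_scope()->Lookup(...)` result is also dereferenced without a null test. If the `Policy` fields are narrower than the count type returned by `AsCount()` (not visible here), a large redef would be truncated, so a range check is worth adding as well. The body of `main` starts and ends outside this hunk.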