- Run Suricata in divert mode and monitor multiple divert ports.
- Specify multiple rule sets for all divert ports. They have a one-to-one relationship, with each rule set used for only one divert port.
- Write all packets back to the divert from which they came.
- There are many pairs of divert port and rule set, so Suricata needs to run as a service in single-process, multi-threaded mode.
- It can restart Suricata after reconfiguration.

I know there can be multiple rule sets for interfaces using net mapping mode, so can divert mode?