DPDK Mode - Support for L3 In-Line Configuration (iptables/nftables equivalent)

Hi everyone,

I’m currently exploring Suricata in DPDK mode and wanted to ask whether it supports Layer 3 in-line configurations similar to what is described in the documentation for standard Linux deployments using iptables or nftables:

• 15. Setting up IPS/inline for Linux — Suricata 8.0.0-rc1-dev documentation
• 15. Setting up IPS/inline for Linux — Suricata 8.0.0-rc1-dev documentation

Specifically, is there support in DPDK mode for setting up in-line IPS at L3, or is it limited to L2 (Ethernet bridging) mode only?
If this is not currently supported, are there any plans to implement L3 in-line functionality for DPDK mode in future releases?

Another reason for asking this has to do with public cloud platforms were L2 in-line is not possible

Thanks in advance!

Hi Chris,

By default, L2 is supported indeed.
For L3 forwarding, you would need, e.g., VPP/OvS to route the traffic for you - but I don’t have nearly any experience with this. Though if it would need some implementation changes, I am happy to help - I see it as a good use case indeed.