How would one go about sending packets to Suricata 7 via C code? I’ve looked around in the source code for a while. I’ve gotten a bit confused with how a packet is initially received, sent to the engine and then classified as triggering a rule or not. Also, Suricata would be run in process. It would not be a separate service or a process.
An example of what the C method might look like would be:
int process_packet(void* data, int data_len, int tenant, struct suricata_rules* rules);
The definition of “struct suricata_rules” is TBD. At a minimum it would have information regarding what rules were triggered.
The goal is to create a C library that could be used by
- a CLI tool to process packets from something like a pcap file
- a specialized service on a router running OpenWrt
- a DPDK plugin.
I know that Suricata can do all of these natively, but due to specific requirements of this project a reusable C method/library would be most efficient for us.
I know we would need to write code. This isn’t an issue. I’m just trying to figure out where to start.
Any and all suggestions appreciated!
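One way to picture the library boundary described in the question, as an added example that is not code from the poster or from the Suricata project: a self-contained classic-pcap walker (no libpcap) that hands every record to a callback with the proposed `process_packet` signature and collects the hits reported through a `struct suricata_rules`. The names `suricata_rules`, `process_packet_fn`, `pcap_walk_buffer` and `example_run` are assumptions for illustration, not Suricata's API; the callback body here is a constructed stand-in (it flags frames too short to hold an Ethernet header as a made-up "SID 1"), and in a real build it is the place where the packet would be handed to Suricata's library-mode entry points. The constructed pcap image is embedded so the program runs offline.

```c
/* Added example (not Suricata project code). Names and the pcap image are
 * assumptions/constructed for illustration; the engine hand-off is a stand-in. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_HITS 16

/* Assumed result container: which rule SIDs fired for one packet. */
struct suricata_rules {
    uint32_t sid[MAX_HITS];
    int      count;
};

/* Callback with the signature proposed in the question; the engine call
 * would live behind it. Returns 0 on success, <0 on error. */
typedef int (*process_packet_fn)(void *data, int data_len, int tenant,
                                 struct suricata_rules *rules);

#define PCAP_MAGIC_US 0xa1b2c3d4u  /* classic pcap, microsecond timestamps */
#define PCAP_MAGIC_NS 0xa1b23c4du  /* classic pcap, nanosecond timestamps */

/* Read a 32-bit field; swap=1 when the file byte order differs from host. */
static uint32_t rd32(const uint8_t *p, int swap)
{
    uint32_t v;
    memcpy(&v, p, 4);
    if (swap)
        v = (v << 24) | ((v & 0xff00u) << 8) | ((v >> 8) & 0xff00u) | (v >> 24);
    return v;
}

/* Walk a classic pcap image held in memory and call cb for each record.
 * Returns the number of packets delivered, -1 on a bad header or callback
 * error; a truncated final record ends the walk without an error. */
int pcap_walk_buffer(const uint8_t *buf, size_t len, int tenant,
                     process_packet_fn cb, int *total_hits)
{
    if (len < 24) return -1;                       /* global header is 24 bytes */
    uint32_t m = rd32(buf, 0);
    int swap;
    if (m == PCAP_MAGIC_US || m == PCAP_MAGIC_NS) swap = 0;
    else if (rd32(buf, 1) == PCAP_MAGIC_US || rd32(buf, 1) == PCAP_MAGIC_NS) swap = 1;
    else return -1;

    size_t off = 24;
    int npkts = 0;
    if (total_hits) *total_hits = 0;
    while (off + 16 <= len) {                      /* record header: ts_sec, ts_frac, incl_len, orig_len */
        uint32_t incl_len = rd32(buf + off + 8, swap);
        off += 16;
        if (incl_len > len - off) break;           /* truncated record: stop cleanly */
        struct suricata_rules rules = {{0}, 0};
        if (cb((void *)(buf + off), (int)incl_len, tenant, &rules) < 0) return -1;
        if (total_hits) *total_hits += rules.count;
        npkts++;
        off += incl_len;
    }
    return npkts;
}

static int g_bytes_seen;

/* Stand-in for the engine hand-off (constructed check, not a Suricata rule):
 * mark frames shorter than an Ethernet header as a hit on "SID 1". */
static int demo_process_packet(void *data, int data_len, int tenant,
                               struct suricata_rules *rules)
{
    (void)data; (void)tenant;
    if (data_len < 0) return -1;
    g_bytes_seen += data_len;
    if (data_len < 14 && rules->count < MAX_HITS)
        rules->sid[rules->count++] = 1;
    return 0;
}

/* Constructed little-endian pcap image: a 20-byte frame and a 6-byte runt. */
static const uint8_t demo_pcap_le[] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00,0x04,0x00, 0,0,0,0, 0,0,0,0,
    0xff,0xff,0x00,0x00, 0x01,0,0,0,
    0,0,0,0, 0,0,0,0, 0x14,0,0,0, 0x14,0,0,0,
    0xff,0xff,0xff,0xff,0xff,0xff, 0,1,2,3,4,5, 0x08,0x00, 0x45,0,0,0,0,0,
    0,0,0,0, 0,0,0,0, 0x06,0,0,0, 0x06,0,0,0,
    1,2,3,4,5,6,
};

/* Run the walker over the constructed image for tenant 7. */
int example_run(int *hits, int *bytes)
{
    g_bytes_seen = 0;
    int n = pcap_walk_buffer(demo_pcap_le, sizeof demo_pcap_le, 7,
                             demo_process_packet, hits);
    if (bytes) *bytes = g_bytes_seen;
    return n;
}

/* CLI use: read a pcap file given on the command line into memory. */
int main(int argc, char **argv)
{
    if (argc < 2) { int h, b; printf("demo: %d packets\n", example_run(&h, &b)); return 0; }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror(argv[1]); return 1; }
    fseek(f, 0, SEEK_END); long sz = ftell(f); fseek(f, 0, SEEK_SET);
    uint8_t *buf = malloc(sz > 0 ? (size_t)sz : 1);
    size_t got = buf ? fread(buf, 1, (size_t)sz, f) : 0;
    fclose(f);
    int hits = 0;
    int n = pcap_walk_buffer(buf, got, 0, demo_process_packet, &hits);
    printf("%d packets, %d hits\n", n, hits);
    free(buf);
    return n < 0;
}
```

The walker detects the file's byte order from the magic value instead of assuming the host's, and treats a short final record as end-of-input rather than as a parse error, which is the usual shape of a capture cut off mid-write. The `tenant` argument is passed straight through so a multi-tenant caller can keep one walker for several rule sets.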