Has anyone looked at implementing Suricata as a netfilter kernel module?
I don’t want to use Suricata with NFQUEUE, but rather have packets matched against Suricata rules inside of a netfilter kernel module to avoid the overhead of moving packets to userspace. Ideally, only the data plane would be implemented in kernel space. The control plane would remain in userspace.
James Yonan
OpenVPN, Inc.