Thanks a lot for the example. It really helps. We will try this out and get back.
Here is a brief on the VPP IDPS packet inspection goal which we are working on:
- The VPP binary has a plugin for each module. Likewise, we have a plugin for IDPS (Intrusion Detection and Prevention System).
- The packets received on any interface would be copied to the CPU in the VPP module, which will hand them to the IDPS plugin via a callback function.
- So each packet (pkt buffer) received on the IDPS plugin needs to be injected into Suricata (running as a library) for inspection. The updated Proofpoint rules are downloaded from a cloud server daily or weekly, based on the configuration/design.
My next question is: how do we handle ruleset updates?
Which Suricata library APIs should be used for that?
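One way to structure the ruleset-update path around the embedded engine, as an added example (this is neither the poster's code nor part of VPP or Suricata): validate the downloaded rules text, stage it to disk atomically (temp file, fsync, rename) so the engine can never read a half-written file, and only then trigger a reload. The reload is a function pointer because the actual call into libsuricata depends on the Suricata version in use; the `reload_fn` type, the file path and the sample rules below are assumptions constructed for the demo, not Suricata's API or a real feed.

```c
/* Added example: validate -> stage atomically -> reload. Not VPP or Suricata code. */
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical reload hook; replace with the real libsuricata reload call. */
typedef int (*reload_fn)(const char *rules_path, void *ctx);

static int contains(const char *s, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(s + i, needle, n) == 0) return 1;
    return 0;
}

/* Classify one line: 0 = malformed, 1 = blank or comment, 2 = rule line. */
static int classify_line(const char *line, size_t len)
{
    static const char *const actions[] = {
        "alert", "drop", "pass", "reject", "rejectsrc", "rejectdst", "rejectboth", NULL };
    while (len > 0 && isspace((unsigned char)*line)) { line++; len--; }
    while (len > 0 && isspace((unsigned char)line[len - 1])) len--;
    if (len == 0 || line[0] == '#') return 1;
    for (int i = 0; actions[i]; i++) {
        size_t n = strlen(actions[i]);
        if (len > n && strncmp(line, actions[i], n) == 0 && isspace((unsigned char)line[n])) {
            /* A Suricata rule needs a sid and a closed option list; a cut-off line fails here. */
            return (line[len - 1] == ')' && contains(line, len, "sid:")) ? 2 : 0;
        }
    }
    return 0;
}

/* Returns the rule count, or -1 with *bad_line set to the first malformed line. */
int ruleset_validate(const char *text, size_t len, int *bad_line)
{
    int lineno = 0, rules = 0;
    const char *p = text, *end = text + len;
    while (p < end) {
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        size_t l = nl ? (size_t)(nl - p) : (size_t)(end - p);
        lineno++;
        int kind = classify_line(p, l);
        if (kind == 0) { if (bad_line) *bad_line = lineno; return -1; }
        if (kind == 2) rules++;
        p = nl ? nl + 1 : end;
    }
    return rules;
}

int ruleset_first_bad_line(const char *text, size_t len)
{
    int bad = 0;
    return ruleset_validate(text, len, &bad) < 0 ? bad : 0;
}

/* Write beside the live file, fsync, rename: readers see the old or the complete new file. */
int ruleset_stage(const char *live_path, const char *text, size_t len)
{
    char tmp[4096];
    if (snprintf(tmp, sizeof tmp, "%s.tmp.%ld", live_path, (long)getpid()) >= (int)sizeof tmp) return -1;
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0) return -1;
    for (size_t off = 0; off < len;) {
        ssize_t w = write(fd, text + off, len - off);
        if (w < 0) { if (errno == EINTR) continue; close(fd); unlink(tmp); return -1; }
        off += (size_t)w;
    }
    int ok = fsync(fd) == 0;
    ok = close(fd) == 0 && ok;
    if (!ok || rename(tmp, live_path) < 0) { unlink(tmp); return -1; }
    return 0;
}

/* Full update: a malformed or empty download never reaches the live file or the engine. */
int ruleset_update(const char *live_path, const char *text, size_t len, reload_fn reload, void *ctx)
{
    int bad = 0, n = ruleset_validate(text, len, &bad);
    if (n < 0) { fprintf(stderr, "ruleset rejected: malformed line %d\n", bad); return -1; }
    if (n == 0) { fprintf(stderr, "ruleset rejected: no rules (truncated download?)\n"); return -1; }
    if (ruleset_stage(live_path, text, len) < 0) { perror("stage"); return -2; }
    if (reload && reload(live_path, ctx) != 0) { fprintf(stderr, "reload failed\n"); return -3; }
    return n;
}

/* Reads the live file back; used to confirm a rejected update left it untouched. */
int ruleset_file_matches(const char *path, const char *text, size_t len)
{
    FILE *f = fopen(path, "rb");
    if (!f) return 0;
    char buf[8192];
    size_t got = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return got == len && memcmp(buf, text, len) == 0;
}

/* Constructed sample rules for the demo, not from any real feed. */
static const char GOOD_RULES[] =
    "# constructed sample\n"
    "alert tcp any any -> any 80 (msg:\"demo http\"; sid:1000001; rev:1;)\n"
    "\n"
    "drop udp any any -> any 53 (msg:\"demo dns\"; sid:1000002; rev:1;)\n";
static const char BAD_RULES[] =
    "alert tcp any any -> any 80 (msg:\"demo\"; sid:1000003; rev:1;)\n"
    "alert tcp any any -> any 443 (msg:\"cut off by a truncated download\n";

static int demo_reload(const char *path, void *ctx) { (void)path; (*(int *)ctx)++; return 0; }

int main(void)
{
    int reloads = 0;
    const char *path = "/tmp/idps-demo.rules";   /* assumed location */
    int n = ruleset_update(path, GOOD_RULES, sizeof GOOD_RULES - 1, demo_reload, &reloads);
    printf("loaded %d rules, reloads=%d\n", n, reloads);
    n = ruleset_update(path, BAD_RULES, sizeof BAD_RULES - 1, demo_reload, &reloads);
    printf("bad update rc=%d, reloads=%d, old file intact=%d\n", n, reloads,
           ruleset_file_matches(path, GOOD_RULES, sizeof GOOD_RULES - 1));
    return 0;
}
```

The ordering is the point: the download is checked before the live file is replaced, and the replacement is a single rename, so a truncated or corrupt feed leaves the engine running on the previous rules. This does not cover feed integrity (checksum or signature on the download over TLS), which belongs in front of `ruleset_update`. For the standalone Suricata daemon a live rule reload is triggered with SIGUSR2 or `suricatasc -c ruleset-reload-rules`; what the library build exposes for the same step is best taken from the Suricata version you link against.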