1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
:orphan: Document only referenced from upgrade.rst
PF_RING as a Plugin
===================
Suricata 8.0 moves PF_RING support to a dynamically loaded plugin. For
convenience, this plugin is still bundled with Suricata, but it may be
removed from the Suricata source tree into its own repository in a
future release.
Upgrading
---------
Suricata 8.0 continues to respect the ``--enable-pfring`` compile time
option, as well as the ``--pfring*`` command line options, and also
the ``pfring`` section of the configuration file.
.. note:: When the PF_RING plugin is eventually removed from the
Suricata source tree these options may be removed and/or
changed as this would allow the PF_RING plugin to have its
own release cycle and make changes independent of Suricata.
However, the ``pfring`` plugin must be loaded before it can be
used. If doing a fresh build of Suricata with PF_RING support, the
``suricata.yaml`` configuration file should be configured to load the
plugin already, for example::
plugins:
- /usr/lib/suricata/pfring.so
If you are upgrading, you will need to add the location of
``pfring.so`` to the ``plugins`` section of your ``suricata.yaml``
manually.
Then your existing PF_RING command line options and configuration
should continue to work.
Caveats
-------
Currently building the PF_RING plugin is not compatible with the
``--disable-shared`` configure argument.
|
