Last week we have attended the DPDK Summit North America 2018 and talked about how to use nDPI over DPDK, a kernel-bypass toolkit similar to PF_RING. For those who have not attended the presentation, they can read the presentation slides.
As you will be read, nDPI is a cross platform deep packet inspection toolkit able to process about 10 Gbit of traffic with a single core on an Intel E3 CPU. Its code is portable across various architectures, you can use it from user space and kernel (not what we advise you to do), and you can find it in many Linux distribution and as well in MacOS.
Enjoy!