Introducing PF_RING 8.6: Runtime Filtering and On Demand IDS at 100 Gbit

Posted · Add Comment

This is to announce a new PF_RING release 8.6 !

This stable release introduces a new Runtime component in PF_RING, which adds support for runtime filtering. This allows an external application to push filtering rules (through a Redis queue) while the socket is running, and offload them to the adapter when supported (e.g. on NVIDIA/Mellanox Connect-X adapters). This enables Zeek and Suricata “on-demand” at 100 Gbit as discussed in a previous post.

This release also adds support for Debian 12 and latest 6.x kernel shipped with Ubuntu 22 LTS. Many other improvements are available in this release, please check the full changelog below for the whole list! Enjoy!

Changelog

PF_RING Library

  • New Runtime Manager for injecting and removing filtering rules to the socket via Redis
  • Fix caplen/MTU on loopback capture

PF_RING Kernel Module

  • Add support for probabilistic sampling with kernel capture

PF_RING Capture Modules and ZC Drivers

  • Add initial support for NVIDIA/Mellanox BlueField
  • Add Napatech ns timestamp in PCAP mode
  • Add support for probabilistic sampling with userspace capture
  • Optimize hw timestamping on ice adapters (Intel E810)
  • Fix timestamp support when using the ZC burst API with ice adapters
  • Fix drivers compilation on Kernel 6.x
  • Fix drivers compilation on RH 8.8
  • Fix memory leaks in PCAP module

FT Library

  • Improve application protocol guess with nDPI

nPCAP

  • Fix memory corruption in traffic extraction with big index files

PF_RING-aware Libpcap/Tcpdump

  • Add PF_RING support to pcap_inject
  • Fix pcap_read_pf_ring return code (number of packets)

Examples

  • zbalance_ipc: add support for multiple balancer threads when using NVIDIA/Mellanox adapters
  • pfsend: add -c option to balance on dest ip rather than src up
  • pfcount: compute drop rate in packet mode only
  • pfcount: report expired licenses
  • Fix ftflow_dpdk compilation on DPDK 22 or later
  • Fix memory leaks in pcount, alldevs, preflect, ftflow_pcap

Misc

  • Add support for Debian 12
  • Add libelf and libbpf dependencies to packages
  • Add sbsigntool dependency which includes kmodsign required by dkms
  • Add revision to pfring-dkms dependency in packages
  • Fix check for init/systemd presence
  • Cleanup support for legacy adapters