Napatech as a Plugin

Suricata 8.0 moves Napatech packet capture support to a dynamically loaded plugin. For convenience, this plugin is still bundled with Suricata, but it may be removed from the Suricata source tree into its own repository in a future release.

Upgrading

Suricata 8.0 continues to respect the --enable-napatech compile time option, as well as the --napatech command-line options, and also the napatech section of the configuration file.

Note

When the Napatech capture plugin is eventually removed from the Suricata source tree these options may be removed and/or changed as this would allow the Napatech capture plugin to have its own release cycle and make changes independent of Suricata.

However, the napatech capture plugin must be loaded before it can be used. If doing a fresh build of Suricata with Napatech support, the suricata.yaml configuration file should be configured to load the plugin already, for example:

plugins:
  - /usr/lib/suricata/napatech.so

If you are upgrading, you will need to add the location of napatech.so to the plugins section of your suricata.yaml manually, as shown above.

Existing Napatech command-line options and configuration should continue to work.

Caveats

Currently building the Napatech capture plugin is not compatible with the --disable-shared configure argument.