PF_RING™ FT assists flow processing applications in packet classification. It implements a flow table to track flows and provides customization hooks for building applications like probes, IDSs, IPSs, and L7 firewalls. While distributed with PF_RING™, it can be used with third-party packet capture frameworks like Libpcap and DPDK due to its capture-agnostic data-ingestion API. The API simplifies the design and implementation of flow processing applications, enabling complex tasks with minimal code. The application flow is event-driven, allowing registration to events like "new flow" or "flow expired" to compute actions based on flow status, which can be extended with custom metadata. PF_RING™ FT integrates with nDPI for L7 protocol information, eliminating the need for direct nDPI library interaction. It categorizes traffic using nDPI categories and Intel Hyperscan for pattern matching. The L7 filtering engine filters flows based on application protocol, and applications can mark flows for filtering or shunting based on custom policies. It accelerates CPU-bound applications like Suricata, Bro, and Snort by shunting flows based on application protocol, reducing traffic inspection and improving performance. Unlike Suricata's eBPF-based shunting, PF_RING™ FT offers flexible packet parsing and flow state management. PF_RING™ FT is optimized for performance, processing 10 Gbit line-rate on a single CPU core and scaling to 100 Gbit on multi-core systems.

Features & Benefits

• Clean and Simple API
  • Simplifies the design and implementation of flow processing applications.
• Event Hooks
  • Enables event-driven application design with hooks for events like "new flow" and "flow expired".
• nDPI Integration
  • Provides L7 protocol information out of the box, categorizing traffic using nDPI and Intel Hyperscan.
• L7 Filtering and Shunting
  • Filters flows based on application protocol and allows marking flows for custom filtering policies.
• IDS Acceleration
  • Accelerates CPU-bound applications like Suricata by shunting flows based on application protocol.
• Performance
  • Processes 10 Gbit line-rate on a single CPU core and scales to 100 Gbit on multi-core systems.