CESNET Among the Leading Contributors to the Suricata Project

A key role in these enhancements is played by the DPDK rte_flow interface, which makes it possible to offload part of network packet filtering directly to network interface cards. This allows safe or uninteresting traffic flows to be intercepted before they reach Suricata’s analysis engine. CESNET has also contributed through additional improvements, such as removing VLAN headers, modernizing RSS configuration, and introducing static filtering and a dynamic traffic bypass. The dynamic bypass automatically identifies safe flows and excludes them at the hardware level, reducing the load on analysis. Combined with static filtering, this enables Suricata to make more efficient use of modern network cards and to process larger volumes of traffic without packet loss. These changes resulted from both the development of new features and the extension of Suricata’s existing infrastructure, and they are already partially included in Suricata version 8.

The first results of this collaboration were presented in May at the DPDK Summit in Prague and later in November at the annual Suricon conference in Montreal. CESNET’s substantial contribution was also confirmed by Suricata 8 community statistics: the association ranked 4th among contributing organizations, while the author of the enhancements, Adam Kiripolský, placed 8th in the individual contributors category.

The research was carried out within the activities of the Department of Administration and Security Tools and confirms that Czech networking and security expertise holds a visible position in the global open-source ecosystem.