Using #19 as an example, as of the moment of its closure, both Zeek and Brimcap have support for this cooked/SLL link layer protocol but Suricata still doesn't. We can't be responsible for every downstream limitation of the pcap analyzers we embed with Brimcap, but to the degree that we're aware of ones that have impacted our users in the past and hence are likely to come up again in the future, I could start to list them in the Troubleshooting article. I'd probably want to link to the article from places like the build-zeek README.
Using #19 as an example, as of the moment of its closure, both Zeek and Brimcap have support for this cooked/SLL link layer protocol but Suricata still doesn't. We can't be responsible for every downstream limitation of the pcap analyzers we embed with Brimcap, but to the degree that we're aware of ones that have impacted our users in the past and hence are likely to come up again in the future, I could start to list them in the Troubleshooting article. I'd probably want to link to the article from places like the build-zeek README.
Also worthy of note: