[Packetbeat] Add config option for AF_PACKET fanout group

[andrewkroh]

Describe the enhancement:

Add a configuration to set an AF_PACKET fanout group (uint16). If two different Packetbeat processes use the same group ID, they'll "share" packets between them. By utilizing PACKET_FANOUT_HASH mode Linux will split traffic between each member process. Flows with the same hash are always routed to the same process. Each Packetbeat process must be configured with the same af_packet device settings.

Packetbeat may need to use PACKET_FANOUT_FLAG_DEFRAG to get consistent hashing in the case of fragmented packets.

• https://pkg.go.dev/github.com/google/gopacket/afpacket#TPacket.SetFanout

• https://www.man7.org/linux/man-pages/man7/packet.7.html

Describe a specific use case for the enhancement or feature:

This will allow multiple Packetbeat processes to run in parallel and split the work.

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)