Feature #5838
open
dpdk: NIC encapsulation stripping
Added by Lukas Sismis about 2 years ago.
Updated 3 days ago.
Description
Possibly an experiment, especially aimed at IDS setups, where Suricata is not interested in encapsulation inspection.
Some NICs offer native HW offload and that could shave off a few bytes of each packet.
The offload would target the DPDK capture interface.
- Related to Task #6443: Suricon 2023 brainstorm added
- Status changed from New to Assigned
- Status changed from Assigned to In Progress
- Assignee changed from Lukas Sismis to Adam Kiripolsky
As this is not yet part of a stable release I propose to change vlan-stripping-offload: bool configuration name to something more generic, e.g.:
encap-stripping: ["vlan", "geneve", "mpls"]
This could be in the form of an array, where individual stripping offloads would be listed. This can save us from having individual stripping offloads listed as boolean properties.
- Target version changed from 8.0.0-beta1 to 9.0.0-beta1
Also available in: Atom
PDF