Feature #5838
opendpdk: NIC encapsulation stripping
Description
Possibly an experiment, especially aimed at IDS setups, where Suricata is not interested in encapsulation inspection.
Some NICs offer native HW offload and that could shave off a few bytes of each packet.
The offload would target the DPDK capture interface.
Updated by Philippe Antoine over 1 year ago
- Related to Task #6443: Suricon 2023 brainstorm added
Updated by Lukas Sismis 3 months ago
Updated by Victor Julien 3 months ago
- Related to Feature #7330: dpdk: support HW VLAN stripping added
Updated by Lukas Sismis about 2 months ago
- Status changed from Assigned to In Progress
- Assignee changed from Lukas Sismis to Adam Kiripolsky
Partially completed.
VLAN stripping:
https://github.com/OISF/suricata/pull/12016
Possible other updates:
other rte_flow actions such as:
OF_POP_VLAN
OF_POP_MPLS
VXLAN_DECAP
NVGRE_DECAP
Updated by Lukas Sismis about 2 months ago
As this is not yet part of a stable release I propose to change vlan-stripping-offload: bool configuration name to something more generic, e.g.:
encap-stripping: ["vlan", "geneve", "mpls"]
This could be in the form of an array, where individual stripping offloads would be listed. This can save us from having individual stripping offloads listed as boolean properties.
Updated by Lukas Sismis 1 day ago
Docs update merged in https://github.com/OISF/suricata/pull/12877