Project

General

Profile

Actions
Copy link

Feature #5838

open

dpdk: NIC encapsulation stripping

Added by Lukas Sismis about 2 years ago. Updated 16 days ago.

Status:
In Progress
Priority:
Normal
Assignee:
Adam Kiripolsky
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

Possibly an experiment, especially aimed at IDS setups, where Suricata is not interested in encapsulation inspection.
Some NICs offer native HW offload and that could shave off a few bytes of each packet.
The offload would target the DPDK capture interface.

Related issues 2 (1 open1 closed)

Related to Suricata - Task #6443: Suricon 2023 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #7330: dpdk: support HW VLAN strippingClosedAdam KiripolskyActions
Actions
Copy link
 #1

Updated by Philippe Antoine over 1 year ago

  • Related to Task #6443: Suricon 2023 brainstorm added
Actions
Copy link
 #2

Updated by Lukas Sismis about 1 year ago

  • Status changed from New to Assigned
Actions
Copy link
 #4

Updated by Victor Julien about 1 month ago

  • Related to Feature #7330: dpdk: support HW VLAN stripping added
Actions
Copy link
 #5

Updated by Lukas Sismis 17 days ago

  • Status changed from Assigned to In Progress
  • Assignee changed from Lukas Sismis to Adam Kiripolsky

Partially completed.
VLAN stripping:
https://github.com/OISF/suricata/pull/12016

Possible other updates:
other rte_flow actions such as:
OF_POP_VLAN
OF_POP_MPLS
VXLAN_DECAP
NVGRE_DECAP

Actions
Copy link
 #6

Updated by Lukas Sismis 16 days ago

As this is not yet part of a stable release I propose to change vlan-stripping-offload: bool configuration name to something more generic, e.g.:

encap-stripping: ["vlan", "geneve", "mpls"]

This could be in the form of an array, where individual stripping offloads would be listed. This can save us from having individual stripping offloads listed as boolean properties.

Actions
Copy link

Also available in: Atom PDF