Feature #5838
open
dpdk: NIC encapsulation stripping
Added by Lukas Sismis about 2 years ago.
Updated 17 days ago.
Description
Possibly an experiment, especially aimed at IDS setups, where Suricata is not interested in encapsulation inspection.
Some NICs offer native HW offload and that could shave off a few bytes of each packet.
The offload would target the DPDK capture interface.
- Related to Task #6443: Suricon 2023 brainstorm added
- Status changed from New to Assigned
- Status changed from Assigned to In Progress
- Assignee changed from Lukas Sismis to Adam Kiripolsky
As this is not yet part of a stable release I propose to change vlan-stripping-offload: bool configuration name to something more generic, e.g.:
encap-stripping: ["vlan", "geneve", "mpls"]
This could be in the form of an array, where individual stripping offloads would be listed. This can save us from having individual stripping offloads listed as boolean properties.
Also available in: Atom
PDF