    Innova Flex 4 Lx EN : REGEX/DPI engine for iptables (Linux)




      I am very interested in Innova Flex 4 Lx EN Adapter Cards - http://www.mellanox.com/related-docs/prod_adapter_cards/PB_Innova_Flex4_Lx_EN.PDF


      I need to implement a simple pattern matching solution for x86 platform (REGEX/DPI), actually in the starting phase of the project to examine SNI fields present in the packet payload during TLS handshake.


      So I am looking for some Smart NIC capable of doing regex operations (DPI) on the packets that are passing through it. I hope Innova Flex (or others?) should be capable of doing it (according to a datasheet).

      So, the question is presence of the NIC drivers for Linux and support for the pattern matching. Ideally I need a proprietary iptables module that would handle the traffic matching with your NIC.

      Does it already exist or is there a SDK for Linux iptables with some example code (i.e. how to implement a iptables module) how to consume hardware regex offload capabilities of Smart NICs ?

      I need to have something like iptables modules called xt_layer7 or xt_string, but L7/REGEX matching to done by hardware offload...


      Thank you for any answer.