Network-based computational accelerator

The invention claimed is: 1. A data processing device, comprising: a first packet communication interface for communication with at least one host processor via a network interface controller (NIC); a second packet communication interface for communication with a packet data network; a memory, configured to hold a flow state table containing context information with respect to multiple packet flows conveyed between the host processor and the network via the first and second packet communication interfaces; and acceleration logic, which is coupled between the first and second packet communication interfaces and is configured to perform computational operations on payloads of packets in the multiple packet flows using the context information in the flow state table, wherein the acceleration logic is configured, upon receiving in a given flow, through the second packet communication interface, a packet that is out of order, to mark the given flow as an out-of-order flow in the flow state table and to convey the packet through the first packet communication interface along with a notification that the given flow is out of order, and wherein the acceleration logic is configured, after conveying the notification that the given flow is out of order, to receive from the at least one host processor an update to the flow state table with respect to the given flow, and following the update, to resume performing the computational operations on the packets in the given flow. 2. The device according to claim 1 , wherein the first and second packet communication interfaces comprise Ethernet interfaces. 3. The device according to claim 1 , wherein the multiple packet flows comprise first packets conveyed by the NIC to the device through the first packet communication interface for transmission to the packet data network and second packets conveyed from the packet data network to the device through the second packet communication interface for delivery to the NIC, and wherein the acceleration logic is configured to perform the computational operations on both the first and the second packets before passing the first and the second packets to the second and the first packet communication interfaces, respectively. 4. The device according to claim 1 , wherein the computational operations performed by the acceleration logic comprise cryptographic computations, and wherein the context information comprises cryptographic parameters. 5. The device according to claim 4 , wherein the cryptographic parameters comprise a respective encryption key and encryption state for each of the packet flows. 6. The device according to claim 1 , wherein the multiple packet flows comprise transport-layer flows, and wherein the context information comprises multiple flow table entries that are respectively keyed to the transport-layer flows. 7. The device according to claim 6 , wherein the transport-layer flows comprise sequences of the packets that are transmitted in accordance with the Transmission Control Protocol (TCP), and wherein the flow table entries contain TCP header information. 8. The device according to claim 6 , wherein the acceleration logic is configured to store the entries in the flow state table in response to table update instructions conveyed by the host processor to the acceleration logic via the first packet communication interface. 9. The device according to claim 1 , wherein the acceleration logic is configured to check the data packets against a predefined condition, and to pass the packets through between the packet communication interfaces without performing the computational operations on the payloads of the packets when the packets do not satisfy the predefined condition. 10. The device according to claim 9 , wherein the predefined condition is that the flow state table contain an entry corresponding to a flow to which the packet belongs. 11. The device according to claim 9 , wherein the predefined condition, when the packet is received by the acceleration logic through the first packet communication interface, is that the packet is conveyed from the NIC with a mark indicating that handling of the packet by the acceleration logic is needed. 12. The device according to claim 9 , wherein the predefined condition is that the packet have a sequence number that matches an expected sequence number that is recorded in the flow state table for a flow to which the packet belongs. 13. The device according to claim 1 , wherein the first packet communication interface is configured to be coupled to communicate with multiple host processors, including at least first and second host processors, wherein the flow state table contains context information with respect to at least first and second packet flows conveyed via the device to and from the first and second host processors, respectively. 14. A data processing device, comprising: a first packet communication interface for communication with at least one host processor via a network interface controller (NIC); a second packet communication interface for communication with a packet data network; a memory, configured to hold a flow state table containing context information with respect to multiple packet flows conveyed between the host processor and the network via the first and second packet communication interfaces; and acceleration logic, which is coupled between the first and second packet communication interfaces and is configured to perform computational operations on payloads of packets in the multiple packet flows using the context information in the flow state table, wherein the acceleration logic is configured to check the data packets against a predefined condition, and to pass a packet through between the packet communication interfaces without performing the computational operations on a payload of the packet when the packet does not satisfy the predefined condition, wherein the acceleration logic is configured, after passing a given packet received from the second packet communication interface through to the first packet communication interface without performing the computational operations, to receive, via the first packet communication interface, a replay instruction with respect to the given packet, and in response to the replay instruction, to perform the computational operations on a payload of the given packet and to pass the payload, following performance of the computational operations, to the NIC via the first packet communication interface. 15. A method for data processing, comprising: receiving in a computational accelerator, which is coupled via a first packet communication interface to communicate with at least one host processor via a network interface controller (NIC) and via a second packet communication interface to communication with a packet data network, a flow of data packets through one of the first and second interfaces for conveyance to the other of the first and second packet communication interfaces; looking up context information with respect to the flow in a flow state table, which contains respective context entries with respect to multiple packet flows conveyed between the host processor and the network; performing, in the computational accelerator, a predefined computational operation on a payload of a data packet in the flow using the context information; after performing the predefined computational operation, transmitting the data packet through the other of the first and second packet communication interfaces; upon receiving from the network in a given flow the packet that is out of order, marking the given flow as an out-of-order flow