[API-NEXT,v5,5/7] api: ipsec: inbound TFC padding and dummy packets

Message ID 1517410819-24732-6-git-send-email-odpbot@yandex.ru
State New
Headers show
  • [API-NEXT,v5,1/7] api: packet: add protocol type enumeration
Related show

Commit Message

Github ODP bot Jan. 31, 2018, 3 p.m.
From: Petri Savolainen <petri.savolainen@linaro.org>

Specify how application can recognize TFC padding and dummy
packets at input. Packet metadata for L3/L4 protocol type
indicate if the original packet was an IP or a TFC dummy packet.
When packet length is larger than protocol fields indicate,
some TFC padding remain in the packet.

Signed-off-by: Petri Savolainen <petri.savolainen@linaro.org>

/** Email created from pull request 403 (psavol:next-ipsec-tfc)
 ** https://github.com/Linaro/odp/pull/403
 ** Patch: https://github.com/Linaro/odp/pull/403.patch
 ** Base sha: 5718327018debbb02aacb464493504c95fbe57a3
 ** Merge commit sha: a8d85f63d9e1de7ba709e84b37a06e3482bdea1d
 include/odp/api/spec/ipsec.h | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)


diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
index 08533d80d..721f96856 100644
--- a/include/odp/api/spec/ipsec.h
+++ b/include/odp/api/spec/ipsec.h
@@ -1226,12 +1226,23 @@  typedef struct odp_ipsec_status_t {
  * e.g. RFC 4302 and 4303). Resulting packets are well formed, reconstructed
  * original IP packets, with IPSEC headers removed and valid header field values
  * restored. The amount and content of packet data before the IP header is
- * undefined.
+ * undefined. Some amount of TFC padding may follow the IP packet payload,
+ * in which case packet length is larger than protocol headers indicate.
+ * TFC dummy packets have l3_type set to ODP_PROTO_L3_TYPE_NONE in tunnel mode
+ * or l4_type set to ODP_PROTO_L4_TYPE_NO_NEXT in transport mode. Dummy
+ * packets contain implementation specific amount of (dummy) data. Furthermore,
+ * inline IPSEC processing may drop dummy packets.
  * Each successfully transformed packet has a valid value for these metadata
  * regardless of the inner packet parse configuration
  * (odp_ipsec_inbound_config_t):
- * - L3 offset: Offset to the first byte of the (outmost) IP header
+ * - l3_offset: Offset to the first byte of the original IP packet. The value
+ *              is implementation specific for tunnel mode TFC dummy packets.
+ * - l3_type:   Specifies if the original packet is IPv4 or IPv6. For tunnel
+ *              mode TFC dummy packets set to ODP_PROTO_L3_TYPE_NONE.
+ * - l4_type:   Always set to ODP_PROTO_L4_TYPE_NO_NEXT for transport mode dummy
+ *              packets. Otherwise, depends on parse configuration. Default
+ *              value is ODP_PROTO_L4_TYPE_NONE.
  * - pktio:     For inline IPSEC processed packets, original packet input
  *              interface