diff mbox series

[API-NEXT,v3,4/6] api: ipsec: inbound TFC padding and dummy packets

Message ID 1516892418-5660-5-git-send-email-odpbot@yandex.ru
State New
Headers show
Series [API-NEXT,v3,1/6] api: ipsec: IP header parameter types | expand

Commit Message

Github ODP bot Jan. 25, 2018, 3 p.m. UTC 
From: Petri Savolainen <petri.savolainen@linaro.org>


Specify how application can recognize TFC padding and dummy
packets at input. Packet metadata flags for IPv4 and IPv6
indicate if the original packet was an IP or a TFC dummy packet.
When packet length is larger than protocol fields indicate,
some TFC padding remain in the packet.

Signed-off-by: Petri Savolainen <petri.savolainen@linaro.org>

---
/** Email created from pull request 403 (psavol:next-ipsec-tfc)
 ** https://github.com/Linaro/odp/pull/403
 ** Patch: https://github.com/Linaro/odp/pull/403.patch
 ** Base sha: 44974a09b01c79adb9637a5dff38539598a76737
 ** Merge commit sha: acecf073764f87bfadb64c598703458d344b39f4
 **/
 include/odp/api/spec/ipsec.h | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff mbox series

Patch

diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
index 08533d80d..e88f46e90 100644
--- a/include/odp/api/spec/ipsec.h
+++ b/include/odp/api/spec/ipsec.h
@@ -1226,14 +1226,21 @@  typedef struct odp_ipsec_status_t {
  * e.g. RFC 4302 and 4303). Resulting packets are well formed, reconstructed
  * original IP packets, with IPSEC headers removed and valid header field values
  * restored. The amount and content of packet data before the IP header is
- * undefined.
+ * undefined. Some amount of TFC padding may follow the IP packet payload,
+ * in which case packet length is larger than protocol headers indicate.
+ * In tunnel mode, a TFC dummy packet have both IPv4 and IPv6 flags cleared, and
+ * the packet may contain some (dummy) data. Furthermore, inline IPSEC
+ * processing may drop dummy packets.
  *
  * Each successfully transformed packet has a valid value for these metadata
  * regardless of the inner packet parse configuration
  * (odp_ipsec_inbound_config_t):
- * - L3 offset: Offset to the first byte of the (outmost) IP header
- * - pktio:     For inline IPSEC processed packets, original packet input
- *              interface
+ * - l3_offset:  Offset to the first byte of the original IP packet. The value
+ *               is implementation specific for tunnel mode TFC dummy packets.
+ * - has_ipv4/6: Specifies if the original packet is IPv4 or IPv6. For tunnel
+ *               mode TFC dummy packets neither flag is set.
+ * - pktio:      For inline IPSEC processed packets, original packet input
+ *               interface
  *
  * Other metadata for parse results and error checks depend on configuration
  * (selected parse and error check levels).