In this API version, ODP is keeping counters for SA lifetime, so maybe it is
not a good example.
What if we need to transfer some other info from the IPsec engine to the
application: some flags, sizes etc.? This is why I proposed to have some
extensible metadata with the packet and not only L3 and L4 pointers/offsets.

On 29 November 2016 at 16:39, Peltonen, Janne (Nokia - FI/Espoo) <
janne.pelto...@nokia.com> wrote:

>
> Hi,
>
> > I wonder how the lifetime in bytes will be calculated for asynchronous
> > inbound operations and how the application can figure it out from output
> > packets: is it only the output packet data, or should it contain the ESP
> > header/trailer + outer IP header?
>
> RFC 4301 says this about byte based SA lifetime:
>
>          If byte count is used, then the implementation SHOULD count the
>          number of bytes to which the IPsec cryptographic algorithm is
>          applied.  For ESP, this is the encryption algorithm (including
>          Null encryption) and for AH, this is the authentication
>          algorithm.  This includes pad bytes, etc.
>
> I did not quite get how async input operations would be any special
> (compared to other operations) for lifetime handling or what exactly
> the application needs to figure out from the output packets regarding
> the lifetime calculation. If the lifetime as bytes gets exhausted,
> the application will get to know about it through an event.
>
>         Janne
>
>
>
