Hi,
> - odp_ipsec_result() would change buffer type from IPSEC_RESULT to
> PACKET, extract ipsec_op_result, etc. After this operation original
> event is unsuitable for further operations.
An added complication with ODP IPsec is fragmentation offload that can cause
multiple result packets for one input packet in outbound IPsec offload.
> Ugh. An application does not have a way to determine the amount of
> memory it needs (well, unless it depends on 1:1 event <-> packet
> correspondence as ipsec_offload does).
Currently there is no 1:1 correspondence since one input packet
can cause multiple output packets and in the current API multiple
such sets of fragmented packets may come through the same event.
Note also that an application using the IPsec API needs to know how many
result packets it gets out of certain input packet to be able to track
SA usage and the operations in flight. The current API promises that
all the result fragments of an input packet are delivered in the same
event in consecutive slots in a way that allows the necessary bookkeeping
by the application.
Janne
