Hello, I was thinking about another minor part of IPsec RFCs: dummy packets used to mask traffic statistics. IPsec implementation is required to drop ESP packets with NH = 59 (no next header) on receiver side and is expected to be able to generate these packets on transmitter side. Currently we do not provide a way to inject these packets in any way.
Possible solutions: TX side: - Add API call to transmit single packet. - Extend transmit parameters to specify next header (IPv4, IPv6 or NoNH) for each packet to be transmitted (per-packet or per-odp call). - ??? RX side: - Silently drop NoNH packets - Report NoNH packets to app via error or status event mechanism. - ??? -- With best wishes Dmitry