Petri Savolainen(psavol) replied on github web page:
include/odp/api/spec/ipsec.h
line 4
@@ -1207,6 +1207,7 @@ typedef struct odp_ipsec_status_t {
*
* Each input packet must have a valid value for these metadata (other metadata
* is ignored):
+ * - IPv4 or IPv6 flag: Set packet flag according to packet contents.
Comment:
There would be significant performance difference of using this flag vs reading
the version from packet data, if any SW (application or implementation) would
not need otherwise to read/write the IP header at all. If SW reads/writes it
for any other reason during packet processing/output - e.g. application
reads/writes IP addresses, implementation insert pseudo header checksum to L4
(as Intel NICs require), etc ... the benefit would diminish as the data is
already in CPU cache.
I'd expect that in common case an IPSEC application reads/writes the IP header,
instead of blindly forwarding the packet.
Also, IPSEC and pktout (chksum offload, etc) spec should have the same
requirements for the same functionality. So, if IP flag would be added here, it
would be needed to be added to pktout as well.
> Dmitry Eremin-Solenikov(lumag) wrote:
> @psavol @JannePeltonen @muvarov @NikhilA-Linaro
> In most cases application will already have knowledge about payload protocol.
> So it is easier to provide such knowledge to IPsec machinery. So this is
> basically a question to @NikhilA-Linaro, If I got it right from SEC manual,
> your hardware also requires providing IP version, does it not?
>> Dmitry Eremin-Solenikov(lumag) wrote:
>> @psavol @JannePeltonen @muvarov @NikhilA-Linaro
>> In most cases such flag will be set by inbound packet parser (or known by
>> the application). Otherwise such packet will not be received by inbound API.
>> Well, unless an application submits all inbound packets to IPsec, which
>> seems quite strange to me.
https://github.com/Linaro/odp/pull/328#discussion_r156308295
updated_at 2017-12-12 09:20:25
