[The IPsec Task Offload feature is deprecated and should not be used.]
Before the TCP/IP transport passes the miniport driver a NET_BUFFER_LIST structure for a packet on which a NIC will perform Internet Protocol security (IPsec) tasks, it updates the IPsec information that is associated with that NET_BUFFER_LIST structure. The TCP/IP transport specifies this information in an NDIS_IPSEC_OFFLOAD_V1_NET_BUFFER_LIST_INFO structure, which is part of the NET_BUFFER_LIST information (out-of-band data) that is associated with the NET_BUFFER_LIST structure.
The TCP/IP transport supplies OffloadHandle, which specifies the handle to the outbound SA for the transport (end-to-end connection) portion of the send packet. If the packet will be transmitted through a tunnel, the TCP/IP transport also supplies NextOffloadHandle, which specifies the handle to the outbound SA for the tunnel portion of the send packet.
After a miniport driver receives the NET_BUFFER_LIST structure in its MiniportSendNetBufferLists or MiniportCoSendNetBufferLists function, it can call the NET_BUFFER_LIST_INFO macro with an _Id of IPsecOffloadV1NetBufferListInfo to obtain the NDIS_IPSEC_OFFLOAD_V1_NET_BUFFER_LIST_INFO structure that is associated with the NET_BUFFER_LIST structure.
When the NIC performs IPsec processing on a send packet, it calculates the AH or ESP encryption checksums (or both) for the packet and, if the packet contains an ESP payload, encrypts the packet. The TCP/IP transport has already framed the packet, padded it (if necessary), and assigned it a sequence number and SPI.