NDIS_IPSEC_OFFLOAD_V1_NET_BUFFER_LIST_INFO structure (ndis.h)
The NDIS_IPSEC_OFFLOAD_V1_NET_BUFFER_LIST_INFO structure specifies information that is used in offloading Internet protocol security (IPsec) tasks from the TCP/IP transport to a miniport driver.
Syntax
typedef struct _NDIS_IPSEC_OFFLOAD_V1_NET_BUFFER_LIST_INFO {
union {
struct {
NDIS_HANDLE OffloadHandle;
} Transmit;
struct {
USHORT SaDeleteReq : 1;
USHORT CryptoDone : 1;
USHORT NextCryptoDone : 1;
USHORT Pad : 13;
USHORT CryptoStatus;
} Receive;
};
} NDIS_IPSEC_OFFLOAD_V1_NET_BUFFER_LIST_INFO, *PNDIS_IPSEC_OFFLOAD_V1_NET_BUFFER_LIST_INFO;
Members
Transmit
A structure that contains the following members:
Transmit.OffloadHandle
A handle to the outbound security association (SA) for a packet that has just one IPsec payload, regardless of whether that payload is for a transport (end-to-end) connection or a tunnel connection.
Receive
A structure that contains the following members:
Receive.SaDeleteReq
A USHORT value that, when set, indicates that the TCP/IP transport should issue the OID_TCP_TASK_IPSEC_DELETE_SA OID once to delete the inbound SA that the packet was received over and once again to delete the outbound SA that corresponds to the deleted inbound SA. The network interface card (NIC) must not remove either of these SAs before it receives the corresponding OID_TCP_TASK_IPSEC_DELETE_SA request.
Receive.CryptoDone
A USHORT value that, when set, indicates that a NIC performed IPsec checking on at least one IPsec payload in the receive packet. When this value is cleared, it indicates that the NIC did not perform IPsec checking on the packet.
Receive.NextCryptoDone
A USHORT value that, when set, indicates that a NIC performed IPsec checking on both the tunnel and transport portions of the receive packet. CryptoDone must also be set in this case. NextCryptoDone is set only if a packet has both tunnel and transport IPsec payloads; otherwise, NextCryptoDone is set to zero.
Receive.Pad
Reserved for NDIS.
Receive.CryptoStatus
The result of IPsec checking that a NIC performed on a receive packet. This result can be described as one of the following values:
Remarks
Before the TCP/IP transport passes a send packet that a NIC will perform IPsec tasks on to the miniport driver of the NIC, the transport updates the IPsec information in the NDIS_IPSEC_OFFLOAD_V1_NET_BUFFER_LIST_INFO structure that is associated with the NET_BUFFER_LIST structure.
Specifically, the TCP/IP transport supplies a value for the OffloadHandle member in the NDIS_IPSEC_OFFLOAD_V1_NET_BUFFER_LIST_INFO structure. The OffloadHandle value specifies the handle to the outbound security association (SA) for a packet that has just one IPsec payload, regardless of whether that payload is for a transport (end-to-end) security association or a tunnel security association. The OffloadHandle value that is supplied in the NDIS_IPSEC_OFFLOAD_V1_NET_BUFFER_LIST_INFO structure has the same value as the OffloadHandle value that the TCP/IP transport supplied when it set OID_TCP_TASK_IPSEC_ADD_SA to request the miniport driver to add the outbound SA to the NIC.
Before a miniport driver indicates up a receive packet that has one or more IPsec payloads, the driver updates the NDIS_IPSEC_OFFLOAD_V1_NET_BUFFER_LIST_INFO structure that is associated with the NET_BUFFER_LIST structure as follows:
- If the NIC performed IPsec checks on at least one IPsec payload in the packet, the miniport driver sets the CryptoDone member and indicates the results of the checksum validation tests by specifying the appropriate value in the CryptoStatus member.
- If the NIC performed IPsec checking on both the tunnel and transport portions of a receive packet, the miniport driver also sets the NextCryptoDone member. NextCryptoDone is set only if a packet has both tunnel and transport IPsec payloads; otherwise, NextCryptoDone is set to zero.
- If the NIC did not perform IPsec checks on the packet, the miniport driver does not set CryptoDone or NextCryptoDone and does not supply a CryptoStatus value.
To set and get the IPsec information, use the IPsecOffloadV1NetBufferListInfo index with the NET_BUFFER_LIST_INFO macro. NET_BUFFER_LIST_INFO returns the NDIS_IPSEC_OFFLOAD_V1_NET_BUFFER_LIST_INFO structure.
Requirements
Requirement | Value |
---|---|
Minimum supported client | Supported in NDIS 6.0. For NDIS 6.1 and later, use NDIS_IPSEC_OFFLOAD_V2_NET_BUFFER_LIST_INFO. |
Header | ndis.h (include Ndis.h) |
See also
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for