@@ -259,6 +259,10 @@ typedef struct odp_ipsec_capability_t {
*/
odp_support_t retain_header;
+ /** Implementation will automatically truncate TFC padding in received
+ * packets */
+ odp_bool tfc_padding_truncate;
+
/** Maximum number of different destination CoSes in classification
* pipelining. The same CoS may be used for many SAs. This is equal or
* less than 'max_cos' capability in classifier API.
@@ -1209,6 +1213,12 @@ typedef struct odp_ipsec_status_t {
* restored. The amount and content of packet data before the IP header is
* undefined.
*
+ * Additional TFC padding might be present after packet contents for ESP tunnel
+ * mode. Received side can use total (IPv4) or payload (IPv6) length from
+ * internal headers to drop such TFC padding. If @tfc_padding_truncate
+ * capability is set, implementation will truncate received packets
+ * automatically. Otherwise ODP application has to truncate packets manually.
+ *
* Each successfully transformed packet has a valid value for these metadata
* regardless of the inner packet parse configuration
* (odp_ipsec_inbound_config_t):
@@ -1274,6 +1284,11 @@ int odp_ipsec_in(const odp_packet_t pkt_in[], int num_in,
* with IPSEC, etc headers constructed according to the standards. The amount
* and content of packet data before the IP header is undefined.
*
+ * Additional TFC padding might be present after packet payload for ESP-tunnel
+ * mode. It should be filled by application before submitting packet to ODP.
+ * Such padding will be included into encrypted packet. Receiver side will skip
+ * this padding.
+ *
* Each successfully transformed packet has a valid value for these metadata:
* - L3 offset: Offset to the first byte of the (outmost) IP header
*