Bewerken

Delen via


OID_TCP_TASK_IPSEC_OFFLOAD_V2_ADD_SA_EX

[The IPsec Task Offload feature is deprecated and should not be used.]

As a set, the TCP/IP transport uses the OID_TCP_TASK_IPSEC_OFFLOAD_V2_ADD_SA_EX OID to request that a miniport driver add the specified security associations (SAs) to a NIC.

Note  NDIS supports this OID with the direct OID request interface. For more information about the direct OID request interface, see NDIS 6.1 Direct OID Request Interface.

Remarks

All NDIS 6.30 miniport drivers that support IPsec offload version 2 (IPsecOV2) must support this OID.

After TCP/IP transport determines that a NIC can perform IPsecOV2 operations, the TCP/IP transport requests the miniport driver to add SAs. The transport cannot offload IPsecOV2 operations to the NIC before the transport adds an SA.

The miniport driver configures the NIC for IPsecOV2 processing on the SAs. With a successful set to OID_TCP_TASK_IPSEC_OFFLOAD_V2_ADD_SA_EX, the miniport driver supplies the handle that identifies the offloaded SA in the OffloadHandle member of the IPSEC_OFFLOAD_V2_ADD_SA_EX structure. (For example, the transport uses the handle in the send path to indicate which offloaded SA to use). If an SA was offloaded, the set request is successful.

The miniport driver can return a failure status for the OID request, for example, when the NIC runs out of capacity to offload more SAs. Also, the miniport driver might return a failure status because it needs to avoid a race condition. In this case, the NIC configuration changes and excludes a particular algorithm.

If the request fails, SAs were not offloaded. If failure occurs for an SA, the miniport driver should set the OffloadHandle member in the corresponding IPSEC_OFFLOAD_V2_ADD_SA_EX structure to NULL.

The miniport driver reports the maximum number of SAs that a NIC can support in the SaOffloadCapacity member of the NDIS_IPSEC_OFFLOAD_V2 structure during initialization. If necessary, the TCP/IP transport can set the OID_TCP_TASK_IPSEC_OFFLOAD_V2_DELETE_SA OID to request that the miniport driver delete an SA from the NIC.

This OID is essentially identical to the previous version, OID_TCP_TASK_IPSEC_OFFLOAD_V2_ADD_SA. The only difference is the updated IPSEC_OFFLOAD_V2_ADD_SA_EX structure.

Requirements

Version

Supported in NDIS 6.30 and later.

Header

Ntddndis.h (include Ndis.h)

See also

IPSEC_OFFLOAD_V2_ADD_SA_EX

NDIS_IPSEC_OFFLOAD_V2

OID_TCP_TASK_IPSEC_OFFLOAD_V2_ADD_SA

OID_TCP_TASK_IPSEC_OFFLOAD_V2_DELETE_SA