Deleting a Security Association from a NIC (NDIS 5.1)

Note: NDIS 5.x has been deprecated and is superseded by NDIS 6.x. For new NDIS driver development, see Network Drivers Starting with Windows Vista. For information about porting NDIS 5.x drivers to NDIS 6.x, see Porting NDIS 5.x Drivers to NDIS 6.0.

If necessary, the TCP/IP transport can set OID_TCP_TASK_IPSEC_DELETE_SA to request that the miniport driver delete a security association (SA) from its NIC.

To make room for another SA on the NIC, the miniport driver can set SA_DELETE_REQ in the NDIS_IPSEC_PACKET_INFO structure for a receive packet. The TCP/IP transport subsequently issues OID_TCP_TASK_IPSEC_DELETE_SA one time to delete the inbound security association (SA) over which the packet was received and another time to delete the outbound SA that corresponds to the deleted inbound SA. The miniport driver's NIC must not remove either of these SAs before it receives the corresponding OID_TCP_TASK_IPSEC_DELETE_SA request. The miniport driver can set SA_DELETE_REQ independently of CRYPTO_DONE.
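The ordering rule above, as an added C model that is not part of the original topic and is not NDIS code: the slot table, the `rx_ipsec_info` struct and the `nic_*` function names are hypothetical stand-ins, not definitions from ndis.h. It shows that setting SA_DELETE_REQ only marks an SA, and that a slot is freed only when the delete request for that SA arrives.

```c
/* Added model, not NDIS code: the types and function names below are
   simplified, hypothetical stand-ins and do not come from ndis.h. */
#include <stdbool.h>
#include <stdio.h>

#define MAX_SA 4

typedef struct {
    bool in_use;         /* SA is programmed on the NIC and still processes traffic */
    bool delete_pending; /* driver set SA_DELETE_REQ and is waiting for the OID */
} sa_slot;

/* Stand-in for the receive-side flags the page names. */
typedef struct { unsigned SA_DELETE_REQ : 1; unsigned CRYPTO_DONE : 1; } rx_ipsec_info;

static sa_slot nic_sa[MAX_SA];

/* Claims a free slot and returns its index, or -1. A delete-pending slot is NOT free. */
int nic_add_sa(void) {
    for (int i = 0; i < MAX_SA; i++)
        if (!nic_sa[i].in_use) { nic_sa[i] = (sa_slot){ true, false }; return i; }
    return -1;
}

/* Receive path: fill the per-packet flags. Requesting eviction only marks
   the slot; the SA stays on the NIC. The two flags are set independently. */
rx_ipsec_info nic_receive(int in_sa, bool decrypted, bool want_evict) {
    rx_ipsec_info info = { 0, 0 };
    info.CRYPTO_DONE = decrypted;
    info.SA_DELETE_REQ = want_evict;
    if (want_evict) nic_sa[in_sa].delete_pending = true;
    return info;
}

/* Handler for the transport's delete request: the only place a slot is freed. */
bool nic_handle_delete_sa(int sa) {
    if (sa < 0 || sa >= MAX_SA || !nic_sa[sa].in_use) return false;
    nic_sa[sa] = (sa_slot){ false, false };
    return true;
}

int main(void) {
    int in = nic_add_sa(), out = nic_add_sa();
    rx_ipsec_info info = nic_receive(in, false, true);
    printf("SA_DELETE_REQ=%u, inbound still on NIC: %d\n", (unsigned)info.SA_DELETE_REQ, nic_sa[in].in_use);
    nic_handle_delete_sa(in);   /* first request: inbound SA */
    nic_handle_delete_sa(out);  /* second request: matching outbound SA */
    printf("slots in use after both requests: %d %d\n", nic_sa[in].in_use, nic_sa[out].in_use);
    return 0;
}
```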

 

 
