diff mbox series

[API-NEXT,v2,1/1] api: ipsec: rework ODP_IPSEC_SA_DISABLE into warning bit

Message ID 1506549607-14913-2-git-send-email-odpbot@yandex.ru
State Superseded
Headers show
Series [API-NEXT,v2,1/1] api: ipsec: rework ODP_IPSEC_SA_DISABLE into warning bit | expand

Commit Message

Github ODP bot Sept. 27, 2017, 10 p.m. UTC
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>


It is expected that platforms that are not able to support
odp_ipsec_sa_disable() status result in a form of separate event will
set SA hard expiry time to 0, submit a dummy packet to that SA. Then
after receiving this packet after IPsec processing (which should result
in hard expiry breach) odp_ipsec_result() will detect this packet
through the combination of hard_expiry, size, contents, etc and will
report it as a packet with odp_ipsec_warn_t->sa_disabled bit set.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

Cc: Nikhil Agarwal <nikhil.agarwal@linaro.org>
Cc: Balasubramanian Manoharan <bala.manoharan@linaro.org>
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
/** Email created from pull request 197 (lumag:ipsec_sa_disable_proposal)
 ** https://github.com/Linaro/odp/pull/197
 ** Patch: https://github.com/Linaro/odp/pull/197.patch
 ** Base sha: e04e5f90df69e3031622b77fb5273b85d47eb966
 ** Merge commit sha: c1d876d980198dbe01269d43937fdb5b5a3a9792
 **/
 include/odp/api/spec/ipsec.h | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)
diff mbox series

Patch

diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
index 5631989fc..846b18ebf 100644
--- a/include/odp/api/spec/ipsec.h
+++ b/include/odp/api/spec/ipsec.h
@@ -837,8 +837,10 @@  odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param);
  *
  * When in synchronous operation mode, the call will return when it's possible
  * to destroy the SA. In asynchronous mode, the same is indicated by an
- * ODP_EVENT_IPSEC_STATUS event sent to the queue specified for the SA. The
- * status event is guaranteed to be the last event for the SA, i.e. all
+ * sa_disabled bit in odp_ipsec_warn_t. Warning can be delivered either by an
+ * ODP_EVENT_IPSEC_STATUS event sent to the queue specified for the SA or by
+ * a packet having this bit set in corresponding odp_ipsec_result_t instance.
+ * This warning is guaranteed to be the last event for the SA, i.e. all
  * in-progress operations have completed and resulting events (including status
  * events) have been enqueued before it.
  *
@@ -921,7 +923,12 @@  typedef struct odp_ipsec_error_t {
 
 } odp_ipsec_error_t;
 
-/** IPSEC warnings */
+/** IPSEC warnings
+ *
+ * For outbound SAs in ODP_IPSEC_OP_MODE_INLINE mode warnings can be reported
+ * only as status events. In all other cases warnings can be reported either as
+ * a part of packet result or via separate ODP status event.
+ */
 typedef struct odp_ipsec_warn_t {
 	/** IPSEC warnings */
 	union {
@@ -932,6 +939,9 @@  typedef struct odp_ipsec_warn_t {
 
 			/** Soft lifetime expired: packets */
 			uint32_t soft_exp_packets : 1;
+
+			/** SA was disabled */
+			uint32_t sa_disabled : 1,
 		};
 
 		/** All warnings bits */
@@ -1127,26 +1137,14 @@  typedef struct odp_ipsec_packet_result_t {
  * IPSEC status ID
  */
 typedef enum odp_ipsec_status_id_t {
-	/** Response to SA disable command
-	 *
-	 *  Following status event (odp_ipsec_status_t) fields have valid
-	 *  content, other fields must be ignored:
-	 *  - sa:       The SA that was requested to be disabled
-	 *  - result:   Operation result
-	 */
-	ODP_IPSEC_STATUS_SA_DISABLE = 0,
-
 	/** Warning from inline IPSEC processing
 	 *
 	 *  Following status event (odp_ipsec_status_t) fields have valid
 	 *  content, other fields must be ignored:
 	 *  - sa:       The SA that caused the warning
 	 *  - warn:     The warning(s) reported by this event
-	 *
-	 *  This status event is generated only for outbound SAs in
-	 *  ODP_IPSEC_OP_MODE_INLINE mode.
 	 */
-	ODP_IPSEC_STATUS_WARN
+	ODP_IPSEC_STATUS_WARN = 0,
 
 } odp_ipsec_status_id_t;