diff mbox series

[API-NEXT,v2,1/1] doc: userguide: ipsec state machine changes

Message ID 1511830812-4600-2-git-send-email-odpbot@yandex.ru
State New
Headers show
Series [API-NEXT,v2,1/1] doc: userguide: ipsec state machine changes | expand

Commit Message

Github ODP bot Nov. 28, 2017, 1 a.m. UTC 
From: Bill Fischofer <bill.fischofer@linaro.org>


Split the single IPsec FSM into separate FSM diagrams showing
SA state transitions and IPsec packet operations on SAs.
Update User Guide to reflect these changes as well.

Signed-off-by: Bill Fischofer <bill.fischofer@linaro.org>

---
/** Email created from pull request 296 (Bill-Fischofer-Linaro:ipsec-doc)
 ** https://github.com/Linaro/odp/pull/296
 ** Patch: https://github.com/Linaro/odp/pull/296.patch
 ** Base sha: 90f2fe4ce26e7a2b66bb5eb13e372ccf3dec0d1c
 ** Merge commit sha: e5d742a67346cc2f82191973ebaf97e7addefddb
 **/
 doc/images/.gitignore                  |  3 ++-
 doc/images/ipsec_fsm.gv                | 32 --------------------------------
 doc/images/ipsec_op_fsm.gv             | 21 +++++++++++++++++++++
 doc/images/ipsec_sa_fsm.gv             | 18 ++++++++++++++++++
 doc/users-guide/Makefile.am            |  6 ++++--
 doc/users-guide/users-guide-ipsec.adoc |  9 +++++++--
 6 files changed, 52 insertions(+), 37 deletions(-)
 delete mode 100644 doc/images/ipsec_fsm.gv
 create mode 100644 doc/images/ipsec_op_fsm.gv
 create mode 100644 doc/images/ipsec_sa_fsm.gv
diff mbox series

Patch

diff --git a/doc/images/.gitignore b/doc/images/.gitignore
index 0aa34793f..1876610e5 100644
--- a/doc/images/.gitignore
+++ b/doc/images/.gitignore
@@ -1,5 +1,6 @@ 
 resource_management.svg
-ipsec_fsm.svg
+ipsec_op_fsm.svg
+ipsec_sa_fsm.svg
 pktio_fsm.svg
 timer_fsm.svg
 timeout_fsm.svg
diff --git a/doc/images/ipsec_fsm.gv b/doc/images/ipsec_fsm.gv
deleted file mode 100644
index 1e78c8b85..000000000
--- a/doc/images/ipsec_fsm.gv
+++ /dev/null
@@ -1,32 +0,0 @@ 
-digraph ipsec_state_machine {
-	rankdir=LR;
-	size="12,12";
-	node [fontsize=28];
-	edge [fontsize=28];
-	node [shape=doublecircle]; Unconfigured Configured SA_Ready SA_Expired;
-	node [shape=circle];
-	Unconfigured -> Configured [label="odp_ipsec_config()"
-				   constraint=false];
-	Configured -> SA_Ready [label="odp_ipsec_sa_create()"];
-	SA_Ready -> Disable_Pending [label="odp_ipsec_sa_disable()"];
-	Disable_Pending -> Disable_Check [label="odp_queue_deq()"];
-	Disable_Pending -> Disable_Check [label="odp_schedule()"];
-	SA_Disabled -> Configured [label="odp_ipsec_sa_destroy()"
-				  constraint=false];
-	SA_Ready -> Processing [label="odp_ipsec_in_enq()"];
-	SA_Ready -> Processing [label="odp_ipsec_out_enq()"];
-	Processing -> Op_Complete [label="odp_queue_deq()"];
-	Processing -> Op_Complete [label="odp_schedule()"];
-	Op_Complete -> SA_Expired [label="hard limit reached" constraint=false];
-	SA_Ready -> SA_Ready [label="odp_ipsec_in()"];
-	SA_Ready -> SA_Ready [label="odp_ipsec_out()"];
-	SA_Ready -> SA_Ready [label="odp_ipsec_out_inline()"];
-	SA_Ready -> SA_Expired [label="hard limit reached"];
-	Op_Complete -> SA_Ready [label="odp_ipsec_result()"]
-	Op_Complete -> SA_Ready [label="odp_ipsec_status()"]
-	Disable_Check -> SA_Disabled [label="odp_ipsec_status()"
-				     constraint=false];
-	Disable_Check -> Disable_Pending [label="odp_ipsec_result()"
-					 constraint=false];
-	SA_Expired -> Disable_Pending [label="odp_ipsec_sa_disable()"];
-}
diff --git a/doc/images/ipsec_op_fsm.gv b/doc/images/ipsec_op_fsm.gv
new file mode 100644
index 000000000..52b3e861f
--- /dev/null
+++ b/doc/images/ipsec_op_fsm.gv
@@ -0,0 +1,21 @@ 
+digraph ipsec_op_state_machine {
+	rankdir=LR;
+	size="12,12";
+	node [fontsize=28];
+	edge [fontsize=28];
+	node [shape=doublecircle]; SA_Ready
+	node [shape=circle];
+
+	SA_Ready -> SA_Ready [label="odp_ipsec_in()"];
+	SA_Ready -> SA_Ready [label="odp_ipsec_out()"]
+	SA_Ready -> SA_Ready [label="odp_ipsec_out_inline()"];
+
+	SA_Ready -> Processing [label="odp_ipsec_in_enq()"];
+	SA_Ready -> Processing [label="odp_ipsec_out_enq()"];
+
+	Processing -> Op_Complete [label="odp_queue_deq()"];
+	Processing -> Op_Complete [label="odp_schedule()"];
+
+	Op_Complete -> SA_Ready [label="odp_ipsec_result()"];
+	Op_Complete -> SA_Ready [label="odp_ipsec_status()"];
+}
diff --git a/doc/images/ipsec_sa_fsm.gv b/doc/images/ipsec_sa_fsm.gv
new file mode 100644
index 000000000..93e8f5851
--- /dev/null
+++ b/doc/images/ipsec_sa_fsm.gv
@@ -0,0 +1,18 @@ 
+digraph ipsec_sa_state_machine {
+	rankdir=LR;
+	size="12,12";
+	node [fontsize=28];
+	edge [fontsize=28];
+	node [shape=doublecircle]; Nonexistent SA_Ready SA_Expired
+	node [shape=circle];
+
+	SA_Ready -> SA_Ready [label="ODP IPsec packet operations"];
+	Nonexistent -> SA_Ready [label="odp_ipsec_sa_create()"
+				constraint=false];
+	SA_Ready -> SA_Expired [label="hard limit reached"];
+	SA_Expired -> Disable_Pending [label="odp_ipsec_sa_disable()"];
+	SA_Ready -> Disable_Pending [label="odp_ipsec_sa_disable()"];
+	Disable_Pending -> Disable_Pending [label="odp_ipsec_result()"];
+	Disable_Pending -> SA_Disabled [label="odp_ipsec_status()"];
+	SA_Disabled -> Nonexistent [label="odp_ipsec_sa_destroy()"];
+}
diff --git a/doc/users-guide/Makefile.am b/doc/users-guide/Makefile.am
index 54f87bb63..171e0cf28 100644
--- a/doc/users-guide/Makefile.am
+++ b/doc/users-guide/Makefile.am
@@ -11,7 +11,8 @@  SRC    = users-guide.adoc \
 TARGET = users-guide.html
 IMAGES = $(IMAGES_DIR)/overview.svg \
 	 $(IMAGES_DIR)/atomic_queue.svg \
-	 $(IMAGES_DIR)/ipsec_fsm.svg \
+	 $(IMAGES_DIR)/ipsec_op_fsm.svg \
+	 $(IMAGES_DIR)/ipsec_sa_fsm.svg \
 	 $(IMAGES_DIR)/odp_components.svg \
 	 $(IMAGES_DIR)/ODP-Logo-HQ.svg \
 	 $(IMAGES_DIR)/odp_rx_processing.svg \
@@ -48,7 +49,8 @@  IMAGES += $(IMAGES_DIR)/resource_management.svg
 endif
 
 IMAGES_SRCS = \
-	 $(IMAGES_DIR)/ipsec_fsm.gv \
+	 $(IMAGES_DIR)/ipsec_op_fsm.gv \
+	 $(IMAGES_DIR)/ipsec_sa_fsm.gv \
 	 $(IMAGES_DIR)/pktio_fsm.gv \
 	 $(IMAGES_DIR)/resource_management.msc \
 	 $(IMAGES_DIR)/timeout_fsm.gv \
diff --git a/doc/users-guide/users-guide-ipsec.adoc b/doc/users-guide/users-guide-ipsec.adoc
index d560df9c4..ded22abb8 100644
--- a/doc/users-guide/users-guide-ipsec.adoc
+++ b/doc/users-guide/users-guide-ipsec.adoc
@@ -245,9 +245,14 @@  As can be seen, SAs have a large degree of configurability.
 
 ==== SA Lifecycle Management
 In discussing the lifecycle of an SA, it is useful to refer to the following
-state diagram:
+two state diagrams. The first shows the SA state transitions:
 
-image::ipsec_fsm.svg[align="center"]
+image::ipsec_sa_fsm.svg[align="center"]
+
+The second shows the state transitions of IPsec operations performed against
+SAs:
+
+image::ipsec_op_fsm.svg[align="center"]
 
 After creation, IPsec services are active for this Security Association.  The
 specific APIs that can be used on this SA depends on the IPsec operating mode